Safeguarding Your Corporate Identity
By Brad Mueller, CLU, and Scott B. Tracy, CPA
Horror stories about identity theft have made us vigilant about protecting our credit card numbers, Social Security number and other personal information. However, in our rush to protect personal information, it’s important we do not ignore the growing threat of corporate identity theft.
Stealing a company’s identity and using it to deliberately perpetrate fraud can cost millions and devastate an otherwise healthy, growing company. Identity theft has always been a risk, but the frequency and severity of corporate identity theft have been on the rise as technology overtakes every aspect of business. Wireless networks, smart phones, cloud computing and social media have all added to the vulnerability of data that must be managed and protected, and upped the stakes when the best protective measures fail.
Equal Opportunity Theft
Corporate identity theft is also not confined to banks and credit card companies, although financial services providers must meet strict government reporting and protection standards. Any business that routinely collects sensitive information like account numbers, business registration numbers, credit histories and other key data can be a target.
Types of Corporate Identity Theft
• Government reporting and regulatory information that is in the public domain can become fodder for criminals who seek an understanding of people and processes in a business.
• If not protected, company logos and graphics are easily downloaded to create fake documents and websites.
• Personal and corporate information is gathered through fake emails that appear to be from a trusted colleague to an executive such as the CFO.
• A convincing copy of a government or financial institution website is used to harvest personal and corporate information.
Corporate identity thieves may use identity information themselves or sell it to others. Generally, they are looking to quickly generate cash using vital information about a company to:
• Open lines of credit and illegally gain access to thousands or even millions of dollars
• Open high-limit corporate credit cards, make purchases and then sell the merchandise for cash
• Set up sham corporations or websites using false identity information
• Hijack social media to distribute false information
The result: A trail of ruined credit, financial liability and battered reputations that is time-consuming and costly to repair. A small business may never recover.
Preventing Identity Theft
Have a Plan – Start with a risk assessment and create an enterprise-wide security strategy. Cover all aspects of information security, including prevention, detection and your response to an information breach. Small companies are especially vulnerable due to limited resources and expertise, but adequate protection is only possible when a plan is in place.
Educate and Inform – Include all employees, executives, partners, vendors and even customers. It begins with awareness of the threat and the potential consequences, and continues down to individual roles and responsibilities in prevention and reporting. Give your customers, vendors and subcontractors peace of mind by telling them what you’re doing to protect their information and the company.
Designate a Leader – Give responsibility for planning and implementation to a trusted top-level manager. He or she should become your internal expert and the go-to person to report suspicious activities.
Create Written Policies – Define permissible use of company technology and specify steps every employee must take to safeguard information in every form. Agreeing to these policies should become a condition for employment and for doing business. Require at least annual review.
Implement Controls and Procedures – Include information security in your enterprise-wide fraud controls. Include records of actions and activities, multiple approvals of certain transactions and regular monitoring to detect irregularities. Perform frequent, random testing to assure that controls are working as intended.
Deploy Hardware and Software – This is not just computer hardware and software, although that will be a major concern. Hardware can also include locks on doors, filing cabinets, shredder bins and dumpsters. Access should be limited and passwords must be frequently changed. Software must be kept current to address evolving criminal techniques.
Monitor Activity – By the time identity theft is detected, the damage may already be done. That’s why it’s critical to regularly monitor accounts for suspicious activity, investigate unknown charges or users, or ask about late or missing statements and invoices. Make sure you remain in good standing with credit agencies, lenders and government regulators, and that irregularities are reported and addressed immediately.
Make Prevention a Priority
Brad Mueller, CLU is a principal at Clifton Gunderson Wealth Advisors LLC (CGWA), a financial planning and investment advisory practice owned by CliftonLarsonAllen LLP (CLA). CGWA is an SEC-Registered Investment Advisor and a wholly owned subsidiary of CLA. Mueller specializes in wealth transfer, asset protection, and executive benefit programs for business owners, trusts and professionals. He can be reached at Brad.Mueller@cliftonwealthadvisors.com or (608) 662-9150.
At the time of this publication CGWA is in the process of integrating with CliftonLarsonAllen Wealth Advisors, LLC, also an SEC-Registered Investment Advisor and a wholly owned practice of CLA.
Scott B. Tracy, CPA is an assurance services partner with CliftonLarsonAllen LLP and is a national firm construction and real estate practice leader. He can be reached at Scott.Tracy@cliftonlarsonallen.com or (414) 721-7517.
Associated General Contractors of America