Access Keys

Identity Theft - Protecting Your business from Identity Theft

Business

More topics >

Identity theft

Your identity and your reputation are precious assets and it’s very important to look after them at all times when you are online.

What is identity theft?

Unfortunately there are criminals who use the Internet in various ways to gain access to people’s personal details illegally. They then use those personal details to open bank accounts and get credit cards, loans, state benefits and documents such as passports and driving licences in that person’s name. Because this is a very lucrative business for criminals, they devise numerous ways of trying to get hold of personal documents or contact people under false pretences via the Internet and to trick them into sharing that information. Sometimes they even rifle through bins to try and get hold of valuable documents or items containing people’s personal details.

Once they have obtained all this information, the criminals have effectively stolen that person’s identity.

Identity theft can result in fraud affecting your personal financial circumstances, as well as costing government and financial services millions of pounds a year. You need to know how to protect yourself, and understand what to do if it happens to you.

Protecting your personal data

Be careful about the information you give away about yourself online.

Once someone tricks you into giving them your information, there’s no delete button on the Internet. If you publish something that contains personal information (for example, your date of birth, your address, dates when you are going on holiday etc), even if you delete it later, you have no control over how it is stored, copied or archived. Think twice about publishing something you might later regret.

For that reason it’s a good idea not to share too much information on social networking sites and blog sites such as Facebook and MySpace. Identity thieves can piece together your identity from a variety of sources to get a complete story. For more information on how to be safe whilst using social networking sites refer to our section on Social networking safety.

Equally, if you write and publish a blog or maintain a personal website, it is good idea to keep your personal details private, rather than sharing too much information online from which people could piece together your online identity. For more information on blogs refer to our section on Blog Safety.

Tips to help you avoid identity theft

There are a lot of things that you can do to protect yourself, make sure that your personal data stays safe, and that your identity is never stolen or compromised. Here are just a few ideas:

Shred confidential waste
To stop people obtaining confidential information from your dustbin, make sure that you shred all your unwanted confidential waste before you throw it away or recycle it.

Keep a separate email account to manage your sensitive personal data
Have a separate email account that you only use for password reminders and online account details to be sent to. Then, if your main email account becomes compromised, you will still be able to use this non-public, hopefully uncompromised account with which you can manage your password resets and communicate with operators of any sites using critically sensitive information such as online banking etc.

Do not publish the details of this special email account to friends, on social networking sites etc. or use it for non-sensitive sites such as general shopping sites.

It’s also a good idea to make sure this special email account has a different password from your main email account, and for extra security, host the special account with a different email host from your main account. That way, even if your email host is hacked, your special email account will be not be compromised.

Use different passwords for different sites
Don’t use the same password across multiple websites. It is obviously more difficult to manage a number of different passwords, but it is definitely worth the effort. For example there is a security breach at your social networking site, it will not expose your online banking or other sensitive credentials if you have used different passwords for those sites.

Password manager software and online data safes
To help you keep your passwords, user IDs and other sensitive data safe somewhere other than in your head (where you might forget it) or written down (where anyone can find it) you might consider using tools such as password manager software or an online data safe.  Many types of security and anti-virus software (such as Kaspersky PURE) include a password manager. You can store all your user log-in IDs and passwords within the software, and the password manager software itself is protected by an encrypted password. That means that as long as you can remember the code to decrypt the password manager, you don’t need to remember all the others.

Online data safes work in a similar way – all the information you choose to save in an online data safe is encrypted and compressed before it even leaves your computer.

It is then stored on a secure storage site as a backup copy, using your internet connection. The information is then ‘locked’ with an encrypted code that is the only way to access the data you store within it.

Always check a website for the padlock symbol
Whenever you are using a website that requires you to input sensitive personal data (address details, phone numbers, bank details etc) always check the padlock symbol that should be displayed. If a website cannot be bothered to at least encrypt the internet connection, then don’t fill in any forms asking you for personal information.

Instead, choose a competitor that does use encryption and do business with an organisation that is at least doing the basics to look after your data.

Learn more about safety when online shopping.

Beware of unsolicited emails
Don’t open unsolicited emails as they can contain links to code that can infect your computer.  If you do open one by mistake, don’t click on any links or reply in any way to the email.

See more about hoax or unsolicited emails.

Following this advice should protect your personal data and enable you to feel confident about using the Internet without compromising your security or having your identity stolen.

Further information

For further information on Identity theft visit: www.identitytheft.org.uk

This personal information might also be of interest: Identity theft

How to choose a good password

Creating strong passwords gives you much needed protection against potential online fraud.

There are many sites that give you advice on how to write a good password, but the basic principles are:

  • Mix characters and numbers
  • Mix lower and upper case
  • Make sure your password is at least 15 characters long
  • Make your password long and complex
  • Remember your passwords and write down clues to help you remember
  • Don't use the same password for everything

Further information

For more information about how to choose a good password visit: www.bbc.co.uk/webwise/guides/choosing-a-password

For tips on using strong passwords visit: www.getsafeonline.org

This personal information might also be of interest: Identity theft, Online safety

Data security

When considering data security in business terms, it’s very important to consider all the ways in which data can fall into the wrong hands.

Loss or theft of hardware

When thinking about the security of data stored on your company’s hardware, you must consider all hardware that receives or stores business data. This can include personal computers, laptops, mobile devices and corporate servers. Each of these pieces of hardware may be used by an organisation to send or receive corporate data.

Backup regularly

Firstly, ensure you backup corporate data in a number of locations. Many companies protect against accidental damage to servers by hosting backup servers in different locations. In this way, should a server become damaged by unforeseen circumstances such as a flood or fire, the backup servers, located elsewhere, are unlikely to experience problems at the same time. Corporate data can be set to automatically back up on a regular basis such as once a day, overnight to ensure no disruption to the working day.

Secure your office space

By taking simple precautionary measures such as locking all doors and windows and installing alarm systems, you can deter potential thieves from attempting to steal hardware (or data) from you.

Control worker policies

By setting up antivirus systems, installing keyword and spam filters in corporate emails systems and controlling the activity that workers are allowed to undertake on their PC’s you can effectively safeguard against everyday hackers, viruses and spam. Large organisations can be specifically targeted by hackers in an attempt to steal corporate or customer data. Making it difficult for hackers to gain information can deter their efforts.

Ensure workers use secure passwords and that they change these passwords regularly. When using such passwords, if hardware should fall into the wrong hands, thieves will be unable to login and access data stored on the computer or device.

Further measures

Using further methods such as VPNs (Virtual Private Networks) and installing central control and administration of mobile or remote hardware (such as worker laptops, mobile devices or home based remote PCs) you can help protect against theft of corporate information by data interception between the office and mobile workers. Using these methods can also give a centralised administrator the power to monitor remote and mobile hardware, wipe it of all data or make it entirely unusable.

Further information

For further information on data security visit: Get Safe Online

This business information might also be of interest: Online safety

Protect your business’ identity online

Making sure people find you when they look for you

There was once an electronics company on Twitter. Except it wasn’t – the company itself knew nothing about it. Someone else was using the company’s name and they weren’t even being malicious about it.

Someone who was a big fan of the products decided to set up a mini-blog to tell everyone how brilliant the televisions were, how great the audio systems sounded and how swish the cameras could be.

The company itself was in a difficult position. It didn’t want to stamp on someone who had genuine enthusiasm, clearly. This is a good thing in anybody’s business. It needed, though, to take control of its own identity. The whole thing was settled amicably – but for a brief time there was confusion with customers contacting what they thought was the actual company for technical help.

Why is this important?

In the electronics industry instance absolutely no harm was done and, we should stress, none was intended. The incident does underline, however, the importance of taking control over your own identity and your name online. An unscrupulous competitor, for example might impersonate your business and be a little less helpful when it comes to handing your name back.

A member of staff can also wreak havoc, quite unintentionally, or even intentionally. A well known airline announced that it was going to set up a Twitter account. One of the staff, who had no time for social media, set up an account in the company’s name and when people asked about reservations, problems booking etc, they simply replied with an obscenity.

It lasted about an hour and was taken down as an obvious fake – no doubt the person in question was similarly removed from the office. But what if it had been done with actual malice, and more subtly? What if (for example) the electronics fan had been trying to do damage, and put up messages like “hope the chip shortage doesn’t affect us too badly, most orders should be almost on time” or “Surprising amount of product returns this month…”

Of course it would be intercepted and caught – but not before some customers had gone elsewhere.

How do I get involved?

Protecting your name is an essential part of business, and it can be time consuming. The first thing to do is to register as a company if you haven’t already. If you have anything worth trademarking then trademark it, resources and finances permitting.

In the online world the good news is that some of the sources of potential difficulty are free. Even if you have no intention of using them, for example, it’s worth going to twitter.com, linkedin.com and facebook.com to register your company name and variants of it – if you’ve done it, nobody else can.

The next stage is to look at the online domain names, the UK versions of which administered but not sold by Nominet, the company that brings you these guides. You might already own “yourcompanyname.com” – but do you own “yourcompany.co.uk”??

Give these some thought. The costs can start to mount up if you’re starting up, but your good name is important. Remember the high-profile consultant PriceWaterhouseCoopers, which spun its consultancy into a company called “Monday”. It set up a website called Introducingmonday.com which told people the rationale behind the name. Then a group of satirists called B3ta realised it hadn’t bought “Introducingmonday.co.uk” – so they did so and put an animation of a singing donkey with a song called “We’ve got your name, La La La” on it.

Of course it was funny – but it could have been avoided for £9.99. PriceWaterhouseCoopers had no option but to scrap the new company name which clearly cost considerably more.

Who’s done it?

Most businesses will have done something about protecting their names. Registering them with all of the social media sites, registering mis-spellings as well so that nobody else can cream off potential customers is a good idea.

The thing about protecting your name online is that it only ever makes a good story when it’s gone wrong. So think about the examples above and don’t let the next one be you! Benefits

The benefits are clear – nobody else can pretend they’re your business or speaking on your behalf. Nobody can cyber-squat, nobody can impersonate you if you already own your name in Cyberspace.

It’s worth mentioning that the standard remedies in law apply whether someone is impersonating your company in Cyberspace as they do in the real world. You’re protected by law, but then the legal costs start mounting up – prevention really is better than a cure.

Action points

  • Register your trading name on all of the social media you can think of, even if you have no intention of using them.
  • Check to see whether anyone else is using the same name or a similar one – if your company is called “Smith” then other people may well have an equal claim to the name!
  • Look at the Internet domains available to you – and acquire as many as is practical and sensible. Think of what your customers would type into a web browser to find you – and register it!
This business information might also be of interest: Data protection online

Cybercrime

There’s no doubt that for those of us who use the Internet every day, it has made our lives much easier. Unfortunately however, the same is also true for criminals. The way that we share and store so much personal information online means that it has never been easier for criminals to gain access to that information and then use it to carry out various activities that help them to make money whilst causing harm and loss to others.

What is cybercrime?

‘Cybercrime’ is a blanket term that covers a wide range of criminal activities that are carried out using computers and the Internet. It is a term we hear a lot in the media, and there is no doubt that it is a growing problem globally and here in the UK; for businesses and individuals alike.

In February 2011, the UK government commissioned a report that suggested cybercrime was costing the UK economy £27 billion pounds a year. Most of that cost, £21 billion, affected businesses through activities such as intellectual property theft, industrial espionage, online theft and theft of customer data. The report also suggested that cybercrime cost the Government £2.2 billion and UK citizens £1.3 billion. The Government is taking the problem seriously and has committed £650 million to a strategy over the next four years to deal with the problem.  You can read more about the report on the Cabinet Office website.

However, it is important not to get carried away by the dangers we might face when we use the Internet for business or pleasure. It is possible for us to use the Internet quite confidently and safely, providing that we take a few sensible precautions.

The information in this section outlines some of the types of activities under the term ‘cybercrime’ that might affect you as an individual, and will help you to take the necessary steps to protect your identity and your computer as you use the Internet every day.

How to avoid becoming a victim of cybercrime

Please read our section on ‘Avoiding cybercrime’ to learn more about the different activities covered by the term ‘cybercrime’ and find out how to protect yourself and your computer by taking a few simple steps.

Further information

If you have been a victim of cybercrime, the following organisations offers further advice on what action you should take:

Getsafeonline – victim support: http://www.getsafeonline.org/nqcontent.cfm?a_id=1171
 
Police Central e-Crime unit: http://www.met.police.uk/pceu/cyber_crime.html
 
e-Crime Wales: https://www.ecrimewales.com/server.php?show=nav.8858&cdt=20110915163852

This personal information might also be of interest: Cybercrime, Identity theft
This business information might also be of interest: Cybercrime

How useful was this article?

Nominet is constantly striving to improve the level of knowledge on this site. Your feedback is appreciated.

Take the NetCheck

Topic areas

Recommended video

Recommended links