Small Business Identity Theft

The IRS recently published an updated bulletin on Small Business Identity Theft. Just like individuals, businesses can be victims also. Thieves use a business’s information to file fake tax returns or even get credit cards. The IRS has seen a sharp increase in fraudulent business tax forms: Forms 1120, 1120S, 1041 and even Schedule K-1.

Below are some things the IRS suggest that could trigger a sign of identity theft:

• The IRS rejects an e-filed return saying it already has one with that identification number

• The IRS rejects an extension to file request saying it already has a return with that identification number

• The filer receives an unexpected tax transcript

• The filer receives an IRS notice that does not relate to anything they submitted

• The file doesn’t receive expected or routine mailings from the IRS

It is important to control who has access to your business’s information. Your accountant has that access. Before you select an accountant, you need to be confident that you are dealing with a professional and that his/her office is run with the proper controls. Next are your employees. Every employee who has access to your computer system must have his own password. In this way, you can limit what can be accessed and if a problem occurs, you will be able to track where it started. Employees should also be aware that they are not to use YOUR computers for personal use. Often this is one way that thieves are able to access your business information. “Insiders- employees or others who work for a business – are a main source of security incidents. Because they are already known, trusted and have been given access to important business information and systems, they can easily harm the business (deliberately or unintentionally)” states the IRS bulletin.

You need to keep your laptop and any mobile devices locked up when not in use. Leaving these items available, it is easy for someone to easily steal private or sensitive information. If you have an office, your staff needs to understand that no one goes into your office when you are not there. Obviously, there may be reasons for an employee to enter your office but this should be limited.

Of course, you all have software and hardware fire walls – anti-virus, spyware or other malware programs on all your networks. It is important to keep them updated. Hackers manage to infiltrate fire walls quite regularly so that is why it is necessary to install the recommended updates. Always confirm that you are installing a vendor-supported version. You should set aside one day a month to update all your software. Your administrative passwords need to be changed regularly and the passwords you choose should not be easy for anyone else to figure out. My husband is terrible at this. Anyone who knows his name can pretty well guess his passwords!

Another thing that is extremely important is that you have to dispose of old computers and media safely. You need to “wipe off” your hard drive. There are programs you can buy that will do this. However, after that is done, you need to remove the hard drive and have it physically destroyed. The computer will still be usable if you wish to donate it. Some Companies will shred or crush them for you. This also goes for CDs, floppy disks or USB drives.

Lastly, always make full backups of important business information. Ideally, this should be done daily and a copy of the backup needs to be kept off premise. Alarmingly, many users do not do this on a regular basis. And do not keep a copy for site. A burglary could occur at your business tonight and they could take your computer. If you are not using one of the recognized computer systems, you could lose all of your important business information.

Happy New Year! I hope this year brings you good health and great success!