Business Identity Theft Risk Management Checklist

Business Identity Theft Risk Management Checklist

Create and monitor a security strategy in your business plan.

  • Designate a top-level manager to oversee the plan.

Create a records retention policy and audit compliance on a regular basis.

  • Store documents in a secured location, and limit access, as applicable.
  • Require strong passwords to access information stored electronically.
  • Avoid creating “master” users who have complete access to all sensitive information.

Adopt a policy regarding the proper disposal of confidential information, whether the information is maintained electronically or in hard copy.

  • Implement procedures that require burning, pulverizing, or shredding papers so that they cannot be read; and
  • Implement procedures that require the destruction or erasure of electronic media so that it cannot be accessed and read.

Perform background checks on employees and vendors, and especially on a document destruction company, if you use one (be sure to check its certifications, among other elements).

Obtain business insurance that covers any potential business identity theft losses.

Protect your business records.

  • Assign a trusted person to be responsible for maintaining and monitoring your business record with the Secretary of State.
  • Sign up for email notification regarding changes to your business record, if such an option is available.
  • Note renewal/reporting dates in your calendar and file documents on time.
  • File any changes (such as address, registered agent, name changes, etc.) in a timely manner.
  • Periodically check your business details on the Secretary of State’s website.
  • Safeguard your EIN (employer identification number), account numbers, and other information
  • Promptly file for dissolution with the Secretary of State if you determine that you will no longer be doing business. However, do not unsubscribe from email notifications so that you can monitor for unauthorized activity.
  • Create and follow a policy for carrying, using, and reporting lost or stolen business credit cards.
  • Do not share any sensitive information in emails or on any web-based service. If you must share sensitive information over the web, check that the website is secure by looking for “https” in the address.

Immediately contact your local and/or state law enforcement agency.

Immediately contact your bank, credit card providers, and other creditors notifying them that you may be a business identity theft victim and ask if there are any recent or unusual charges or orders.

Request copies of documents and emails that were used by the thieves to fraudulently open or access your accounts.

Ask about placing fraud alerts on your business’ bank and merchant accounts.

Contact the largest credit reporting agencies, noted below, and speak with their fraud departments to report the crime, view your business credit report and place alerts.Dun & Bradstreet: 1-800-234-3867Equifax 1-800-525-6285Experian 1-888-397-3742Trans Union 1-800-680-7289

If the thieves made changes to business information on file with the Secretary of State, obtain certified copies of the fraudulent filings before updating your filings. The certified copy of the fraudulent filings may be used as evidence in court.

Focus on documentation.

Keep track of contacts, including names, titles, phone numbers, and extensions of people you speak with, making sure to include the names and numbers of all law enforcement officers you contact.
Follow up all calls with a letter (with a return receipt). Also, follow up and make sure that agencies or institutions have received all the documents that they need in order to assist you.
Organize your documentation. Do not throw away files related to identity theft. Keep all notes, correspondences, emails, copies of reports, and other documents in a secure and accessible file.

Explore additional resources for assistance, such as the ones linked below.

  • National Association of Secretaries of State (NASS) Business Identity Theft Task Force
  • Federal Trade Commission
  • United States Department of Justice
  • Federal Bureau of Investigation