Kroll, a division of Duff & Phelps, the global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, today shared the five most effective strategies to guard against the increasing threat of identity fraud.
The strategies are based on findings from a Kroll survey of nearly 200 audit professionals that revealed that over half (55%) of respondents said that fraud risk increased in their business since the shift to remote working, with a further 10% saying it increased significantly. It’s widely understood identity fraud poses huge risks to consumers, but the dangers to businesses are often underestimated.
As remote working is set to continue for most businesses for at least several more months, and concurrently, identity fraud cases continue to rise, Kroll reveals the five best strategies for mitigating exposure to fraudsters.
1. Beware of phishing emails
Scammers will use fake emails and text messages, often masquerading as trusted institutions such as banks, schools, universities and employers, to trick you into giving away your personal information. For example, someone may impersonate someone in a senior leadership position within a business and ask a junior employee for a password or confidential information.
Phishing has progressed beyond the clumsy, poorly-written efforts of the past, but many still contain tell-tale signs of a scam such as poor formatting, unofficial email addresses and a lack of consistency with company email practices.
2. Don’t re-use passwords
For the vast majority, poor password practice simply boils down to security fatigue: a weariness or reluctance to deal with computer security. Using a password manager is an excellent solution to this issue, and offloads much of effort that goes into organising passwords onto a digital platform. Businesses should ask employees to change their passwords regularly to mitigate the risks of a breach.
3. Activate two-factor authentication
Many online accounts offer two-factor authentication and enabling this service can help prevent online account takeover, especially with financial institutions. When you log in to your bank account, for example, it will send you a text or email with a code needed in order to access the account, adding another layer of security to your personal information. Businesses should look for systems that offer this level of log in security for all possible systems, including corporate bank cards and accounts, but focusing on those areas that are most vulnerable like email accounts and data storage.
4. Sign up for activity alerts
Activity alerts from bank or credit card companies can notify you to any suspicious activity associated with your account(s). You are often notified straight away and can prevent any further fraudulent charges or withdrawals. This applies to business as well as personal accounts, giving a full picture of potential vulnerabilities.
5. Set up identity or credit monitoring
Register company email addresses and passwords, along with any other sensitive data like bank details, with an identity monitoring service to receive a warning if data is under threat. Such data is often traded on the dark web, but monitoring services focus on places where it is known to be bought and sold and alert you if your data is identified, allowing you to reset passwords and login details or contact your bank to cancel your cards.Consumers should do the same with their debit or credit cards and any other data that could be vulnerable.
David White, Associate Managing Director at Kroll, comments:
“Anyone, an individual or a business, can become a victim of identity fraud. The highly interconnected and digital world in which society now operates means that criminals have become increasingly sophisticated, and as tech continues to move forwards, so do their methods of fraud.
“Worryingly, fraudsters are not only becoming more versatile, but also more effective—and this upward trend is set to continue.
“It’s therefore more important than ever to stay vigilant and take the necessary steps to guard against identity fraud, as with all other types of fraud. Effective security essentially boils down to layering a series of defence mechanisms to reduce overall risk. Incorporating the steps we’ve shared is a great place to start for businesses, employees and consumers.”
The latest updates from Digital DNA
Early access to our events
+ lots more every 1-2 weeks