Identity theft: What it is, and how it can affect your business

person holding glasses up to focus on MacBook on desk
(Image credit: Unsplash)

If you're a business owner, you're no doubt concerned about any threat to your data and that of your customers, with identity theft being one of the most dangerous forms of cybercrime.

In fact, identity theft has become so prevalent that it now affects approximately one in 20 Americans every year, according to Javelin’s 2020 Identity Fraud Survey.

But even if you’re already using one of the packages discussed in our guide to the best identity theft protection, do you really know what identity theft is? And are you aware of the impact it could have on your business?

We’ll provide identity theft definitions, and walk you through some of the key points every business owner needs to know in order to safeguard themselves against this increasingly common form of cybercrime.

Identity theft - definition

As the name suggests, identity theft is the act of stealing another individual’s personal details, often with the intention of applying for credit or buying goods illegally in that person's name. Tax fraud is a common form of identity theft, in which a criminal uses a victim’s data to file a tax return and illegally claim a refund.

The consequences of identity crime can be devastating. Should credit be taken out in your name or that of your company, you could face significant difficulties in proving that you did not indeed take out the credit or purchase the item yourself. In a worst-case scenario, you could find yourself pursued for a debt you don’t owe.

Even if you’re able to demonstrate your identity has been stolen, you could discover your credit has been destroyed by the incident, leaving you and your business unable to borrow money in the future through legitimate means.

As a business owner, it’s also important to be aware of employment identity theft, in which a perpetrator uses another person’s details to falsely apply for employment.

How does identity theft happen?

stack of Social Security cards

(Image credit: Shutterstock)

For many identity thieves in the USA, gaining access to their victims’ Social Security number is key to the crime. Once a criminal is in possession of this information, he or she can easily represent themselves as the intended victim when dealing with financial institutions.

Non-digitally, identity theft has historically occurred when a perpetrator went through another’s post or rubbish in order to uncover correspondence, such as bank statements or tax details. In the case of businesses, criminals could obtain your details by entering your premises or stealing your business’s files, which can expose both your own information and that of your clients.

Other identity thieves may use similar low-tech methods of gaining access to your company’s details. They may, for example, call or email your business to ask for details about the organisation, perhaps masquerading as a potential customer, claiming to sell services, or claiming to represent a market research agency.

Account takeover is another common form of identity theft in which perpetrators, especially hackers, illegally gain access to another person's accounts in order to change passwords or transfer funds.

The dangers of cyberspace

In an increasingly digital landscape, it’s no surprise that old-school methods of identity theft are becoming less widespread, with many cases of identity theft against businesses occurring in cyberspace.

One of the most common forms of attack is through the use of spyware, in which a piece of malicious software covertly monitors a company’s online activity by gaining access to a hard drive within the company’s network, and then sharing this information with third parties.

Man-in-the-middle attacks are another common method of identity theft. Using this tactic, a hacker will monitor any business activity conducted over unsecured networks, and then steal information such as login details. Once inside your organisation's network, the criminal can easily access your most sensitive information.

Yet not all attacks in cyberspace need to be so high-tech. Hackers can frequently gain access to personal information the victim has (over) shared on social media. This can leave sole proprietors especially vulnerable, as these individuals often reveal a great deal of information about themselves online in order to promote their brands.

One point to bear in mind, given the rise of remote working, is the potential risk employees pose when logging into your network from home via their own devices and home Wi-Fi. In many cases, personal devices and networks lack adequate threat protection software, which could leave your entire business network vulnerable to attack.

Learn from big-name casualties

Zoom displayed on a laptop and smartphone

(Image credit: Zoom)

As we all know, stories of large-scale data breaches are constantly hitting the headlines. Some of the more high-profile examples include an attack against video conferencing giant Zoom. In April 2020, it was widely reported that the personal details of more than 500,000 users, including email addresses and passwords, had been found for sale on the dark web.

Although you probably don't class your business in the same league as Zoom, it's nevertheless essential to recognize the potential devastation a breach could cause. Should you fall victim to an attack, the reputation damage to your business could be devastating, and you may never recover your customers’ trust.

In more extreme cases, falling victim to a beach could potentially destroy your business. If, in the event of a data breach, your customers determine you have been negligent with your cybersecurity measures, they may decide to take legal action, leaving you with catastrophic legal bills.

As proof of this, aviation giant British Airways is currently facing an estimated $3.3 billion bill following a data breach that took place in 2018 in which the personal details of more than 43,000 passengers were exposed.

Get the right tech in place

With threats such as spyware and man-in-the middle attacks posing a risk to your data, it’s essential you have a comprehensive antivirus software in place. When you’re choosing threat protection software, it’s wise to look for a plan that provides a VPN: a virtual private network that will keep you anonymous when browsing the internet.

If you’re particularly concerned about the threat of identity theft across your business, however, you may want to take additional precautions. A number of companies offer specialized identity theft services to offer additional support. IdentityForce, for example, provides fraud monitoring services to alert you if your data is used illegally, as well as offering 24/7 support services and $1 million of identity theft cover.

Not all threats are external

office workers

It’s tempting to imagine that all data breaches originate from organized gangs of cybercriminals, or teenage hackers locked away in their bedrooms. It may therefore be a surprise to learn that most data breaches are caused by human error, according to research from CybSafe.

As a business owner, it’s therefore vital you provide your employees with adequate training on the potential dangers of identity theft, and ensure they understand the rules surrounding confidentiality within your organization.


Although we constantly hear about the importance of being on our guard in many aspects of our lives, vigilance really is the key to protecting your business against the threat of identity theft. Being familiar with identity theft definitions and the various guises the crime can take is the first step toward taking effective precautions.

Katy Ward

Katy Ward is a freelance journalist and editor with more than 10 years' experience writing about tech and finance. Throughout her career, she has worked with tech giants such as Google and Yahoo!, as well as a host of fintech start-ups. Her work has appeared in national newspapers and independent media outlets.