View PDF

With an Employee Identification Number (EIN), your company’s identity can be stolen just as easily as your personal identity. Think of it as the social security number of your business. After all, your EIN is used on many financial documents, including bank accounts, credit statements, tax statements. It is also usually tied to your billing system.

If a thief gets your EIN and can link it to other readily-available information (addresses, key names, etc.), they have all of the information they need to become a “representative” of your company. They can then get lines of credit, loans and merchandise in your company’s name.

There are two major ways thieves get access to your business information. The first is the old-fashioned method of digging through your trash. It’s amazing how many companies continue to throw away papers with important, confidential information. There have been instances where thieves have found old checks sitting in the top of garbage bins. These checks have all of the information a thief needs to compromise a bank account or to set up a vending account. The check not only has the name and address, but also a routing number and your account number.

There are a number of ways to avoid having your business compromised by digging. For starters, shred all credit card offers, papers with employee or confidential information or any papers that include your EIN, preferably with a cross-cut shredder or a shredding service.

Also, consider using electronic payment options. Since the networks are password-protected and the messages are encrypted, wire transfers and ACH payments are much safer than using paper checks.

And lastly, consider a post office box or a lockbox for your mail. This ensures that business mail is retrieved by appropriate personnel and is not left in a box at the reach of any passerby.

The second way thieves attempt to steal your business identity is by using “phishing” emails to gather access information. Phishing is the attempt to fraudulently acquire sensitive information, such as passwords and usernames. Thieves may use these emails to prompt you or other employees to reply with this information, which they in turn use to access your information and business accounts. These emails use official language, sound legitimate and many times contain the logo of the company they are pretending to represent.

Your best defense against phishing emails is to ignore all unsolicited emails, especially if it is asking for information. You and your employees should never click on the links or respond to the email. Make sure that everyone in your organization is trained to spot these emails and to contact an IT professional so that other employees can be warned. Note that these messages usually appear to come from major banks, eBay, PayPal, or other major organizations with name recognition.

If you receive a message from a company, and you think it may be legitimate, contact the company directly. Never use the email sent to you. This will ensure you are speaking with the company, and not a thief.

Also, be extra careful with your personal belongings. Don’t leave your computer, briefcase, or checkbook in your car.

By taking these proactive steps, you can minimize the chances that your company’s identity will be stolen and that your business will suffer due to a poor credit rating, the inability to order goods or to operate efficiently.