While most people understand the repercussions of personal identity theft, the potential damage from hackers taking over a company’s corporate identity are perhaps less familiar.
While it’s assumed that companies are more organised and have more rigorous security controls in place to protect them against attacks, this isn’t always the case. Also, how hackers could damage a company are a little less obvious as they may involve not just harming your finances or reputation, but also use your company as a conduit to harm your customers, partners, or even the stock market. To better understand this issue, let’s outline some of the tell-tale signs that hackers may have taken control of your company and offer advice about how to avoid them.
1. Mysterious orders
Instead of going directly after money, criminals can expose a company’s corporate identity by abusing the trust built with suppliers. This works particularly well if the ‘hacked’ company regularly purchases high volumes and has good payment terms with their suppliers, such as having a 60-day payment clause. If a hacker can infiltrate a company’s systems, or forge a purchase order to place an order, suppliers could be none the wiser. The victim company could lose a large amount of money for purchasing stolen goods and also damage their relationships with suppliers. This scam would be considerably disastrous and problematic for organisations within the manufacturing and retail industries as having an intricate supply chain is a fundamental aspect of the business.
2. Who tweeted that?
Rather than being purely motivated by money, some attackers are inspired by wreaking havoc and disruption. Attacks on social media can be hugely detrimental to a company’s reputation and its relationship with the public, especially if the account has a significant number of followers. In 2013, Associated Press (AP) had its twitter account hacked with a hoax message stating that the President of the United States was injured after two explosions in the White House. AP’s account was then suspended for a short period of time while an announcement was made stating that the tweet had been false. Despite this action, the original announcement caused the Dow Jones Industrial Average to drop sharply as the message spread like wildfire across social media. An investigation later revealed that the hack resulted from a phishing email being sent to AP employees requesting their login details.
3. Customer service, how may I help?
Conjuring hoaxes regarding internal and external matters of a company can also have tragic consequences to an organisation’s market value. In 2016, French construction giant Vinci SA fell victim to a fake news release claiming that the company had fired its finance chief amid accounting irregularities. Within 24 minutes, Vinci had denied the report as false but the damage had already been done. The news prompted the company’s stock value to plummet by 18 percent, its largest fluctuation in 17 years.
4. Where is my data going?
Should an attacker gain access to a company’s valuable corporate assets via its computer network, they could steal or manipulate sensitive data such as payroll information and bank details. This could lead to all sorts of negative implications for the company, and allow a hacker to siphon money from corporate accounts or adjust employee salaries.
5. A new head office?
In the UK, all trading businesses must register with Companies House with the information being freely available to the public. However, Companies House does not validate any submitted changes made about a company or its records. This means that a successful hack could potentially edit the name of a company, remove or add directors, move the trading address and even influence the company’s share structure.
How to avoid being taken over by hackers
Having the basic foundations of security in place go long way towards protecting your company against corporate identity theft. Security monitoring can help to protect your corporate network by sending alerts to notify you when valuable assets are accessed. Having incident response plans in place to deal with specific scenarios can save valuable time in the event of a security breach. This can be particularly advantageous in the event of any form of public communication, such as a company Twitter account, being intercepted.
To shield yourself and your suppliers, it’s important to have a clearly defined procedure for placing orders, with authorisation needed at various stages of the ordering process. A similar process can be applied for making changes to your company details. Using two-step validation, or segregating duties within the company, whereby two senior individuals must agree to any changes made, reduces the risk of any one person abusing company information.
Protecting corporate identity is critically important and even more so in such a fast-moving media environment, where an organisation’s reputation can be damaged in an instant. In addition, as businesses continue to move away from traditional, brick-and-mortar premises towards conducting their operations online, they must stay vigilant to the range of threats that such changes can bring about. Regardless of whether you are a local florist or a multinational corporation, protecting your identity will be a key factor in your company’s ongoing success.