Cyber crime

How to Prevent Identity Theft in 7 Steps

photo of niek dekker
Niek Dekker
5 Min

Business identity theft is an increasingly popular crime among Australians. There are various ways a hacker can steal your identity, especially with the increased use of technology. This includes infiltrating your emails, ERP systems, network or personal devices.

The good news is that you can implement controls to prevent identity theft. In this blog, we will discuss how to prevent identity theft in 7 steps with easy-to-implement strategies.

Common Methods Used by Identity Thieves

Before implementing procedures to protect your accounts payable team from identity thieves. It’s important to recognise the several tactics an identity thief may use:

  • Phishing: Phishing is a widely used method by cybercriminals to deceive you into providing them with personal information, credit card details (BSB or Account Number), business login credentials, or any type of sensitive information. This can occur in various ways such as impersonation scams, robocalls, smishing (SMS phishing) and more.
  • Business Email Compromise: A type of phishing used by cyber criminals targeting organisations via email or invoices to redirect legitimate fund transfers to fraudulent accounts.
  • Hacking: An organised cybercrime group, or individual, may target you to break into your organisation’s network or personal device to defraud, steal or breach your security systems. Hackers may use spyware, trojans or malicious software also known as ‘malware’ to break into your network.
  • Remote Access Scams: This scam has become more prevalent in the workplace since the COVID-19 outbreak. This occurs when targets are contacted via mobile devices (phone call or text) or email by a scammer impersonating an employee, supplier, organisation or government entity.
  • Ransomware: Ransomware is a form of malware used to encrypt sensitive files. This method is popular among scammers because once the files or network is under their control, victims are left with a notice to pay a ransom to receive their data or have their network returned.
  • Document Theft: External perpetrators can work with malicious insiders to steal documents that are exposed in the workplace. These documents are then used to commit fraudulent activities.
  • Social Engineering: This manipulation technique is used before a data breach or data theft. This requires the scammer to prepare background information on their targets using social media such as Facebook, Instagram & LinkedIn.

How Can I Prevent Identity Theft?

Given the rising costs of data breaches, organisations must establish strong security controls. If you are looking to protect your personal or financial information and prevent data loss, here are a few steps to get started:



Source: Australian Cyber Security Centre (ACSC)

1. Enabling Multi-Factor Authentication on All Devices & Accounts

The first easy step to protect your identity is by implementing multi-factor authentication (MFA).

For instance, one simple action can prevent 99.9% of attacks on your accords according to Microsoft. Enabling MFA will reduce the risk of account takeovers and provide additional security to help ensure your organisation’s networks, applications, accounts and endpoints.

Getting started with MFA is simple, it requires you to enter at least two to three of the following to authenticate before accessing your account:

  • Something You Know (password or pin)
  • Something You Have (smartphone or secure USB key)
  • Something You Are (Fingerprint or facial recognition)

It won’t be enough for scammers to have your password to access your account. The extra security protocol is effective for anyone who is looking to secure their data.

2. Installing Security Software

Installing antivirus or security software is great for organisations that are looking to detect and prevent hackers from accessing the information on their work devices. A standalone work device should never be left unprotected. In 2022 it’s a must-have for enterprises, especially with the new methods of hacking and scamming.

Don’t stop there, adding a Virtual Private Network (VPN) on top of your security software will significantly minimise the risk of identity theft. According to Norton, a VPN “gives you online privacy and anonymity by creating a private network from a public internet connection”.

This means, that while you are using work devices to carry out your job function, you can hide your IP address whenever you’re surfing the web or downloading files, ensuring that your data is encrypted.

3. Creating Strong Passwords

Another simple yet effective way to prevent identity theft is to ensure that your passwords are unique. This involves establishing a unique password for each account using upper and lower case words, numbers & special characters. recommends creating a unique password for every account of at least 14 characters.

This makes it extremely difficult for fraudsters to hack or attempt to brute force into your accounts. If tracking each unique password is challenging, you should consider using a password manager. Using a password manager will save all your login details freeing you of the burden of remembering each password.

4. Obtaining a Free Credit Report

Checking your credit scores and reports can help you better understand your current credit position. Regularly checking your credit reports can assist you to detect any inaccurate or incomplete information. Usually, when individuals fall victim to identity theft, their credit scores are negatively impacted.

Requesting a credit report is free and straightforward. You can request a free copy if you’ve been refused credit within the past 90 days or if your credit-related personal information has been corrected.

5. Reviewing Bank Accounts & Bank Statements

Financial identity theft is one of the most common forms of identity theft. That’s why every organisation must verify payee details such as the BSB and Account Number before releasing funds.

Reviewing the payee and bank statements allows you to investigate any fraudulent activity and reacting promptly can prevent cyber criminals from attempting identity theft. If you don’t recognise a bank account or a transaction, you should report this to your bank immediately.

6. Using Trusted Websites

When browsing the web, you should only use trusted domains and websites. For example, a secure domain will have a padlock symbol next to the URL meaning that the connection between your web browser and website service is “encrypted”. Accessing websites that are not secure can leave you vulnerable to malware and infections.

7. Backing Up All Organisational Documents & Files

All types of intellectual property and files should be backed up on One Drive, iCloud, or Google Drive. Backups are important because they protect against human errors, computer viruses or power failure. If you experience a data breach or infection, backing up documents and files can save you countless hours of recovering files post-attack.

How Eftsure Can Help

Once identity theft occurs, it can be a devastating experience for any organisation.

According to the AIC, the annual economic impact of identity crime exceeds $2 billion.This kind of organisational damage is not an easy recovery and most businesses may not be able to recover at all. As a CFO, it’s important to be aware of the dangers and to take action against this severe threat.

With Eftsure, our real-time alerts will allow you to investigate any fraudulent activity before releasing payment by verifying the BSB and Account Number. This gives your accounts payable team assurance that your information is not being stolen by identity thieves.

Contact Eftsure today, for a full demonstration of how we can protect your business from identity theft.

The Essential Cyber Security Guide for CFOs
Understand the full range of cyber threats facing the modern CFO.

It's the critical information you need to stay one step ahead of cyber criminals and prevent your organisation becoming a victim.

Related articles

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.