We are all well aware of the increasing rate of personal identity theft. Statistics show that as many as 10 million Americans each year are victims of identity theft. Many, however, have never even heard of something called corporate (business) identity theft. Most people never even consider that an organization has an "identity" that could be stolen.
Moving from a personal to a business perspective, the Aberdeen Group has estimated that $221 billion a year is lost by businesses worldwide due to identity theft. This brings us to the question: can this affect the nonprofit community? It follows logically that if it can happen to one corporate entity, it can happen to another. After all, when it comes to money, nonprofits also have EIN numbers, credit cards, bank accounts, letterhead and paperwork that can be reproduced and used for unauthorized purposes.
The most common form of identity theft at the business level is the use of a company's credit profile, either to fraudulently obtain credit for a separate company or to make purchases in the name of the company. Nonprofits can also be affected by "Cyber Squatting" and social media identity theft.
Cyber Squatting & Nonprofits
Cyber squatting is when someone "steals" your organization's domain name and uses it to profit from the goodwill associated with the organization's trademark. This can happen in a few scenarios.
First, since most nonprofits only buy their domain name ending in ".org," the same domain name ending in ".com" can be registered by another person or entity. Since people are in the habit of using '.com' when searching the Web, this unintended appropriation of nonprofits' organizational goodwill is not infrequent.
A second scenario is when someone buys your ".com" domain name and uses it in bad faith with the intent of deceiving donors. Cyber squatters are known for setting up websites that look and feel just like the real organization's website. They replicate or copy the code and images from the legitimate nonprofit website in order to create the fake website. It can be difficult for users to distinguish a real website from a fake, and cyber squatters are thus able to capture your donors' information (name, address and credit card numbers). Your donors then unwittingly become the victims of personal identity theft.
Social Media Identity Theft
When it comes to using your brand on social sites, you also need to be aware of the potential risk of identity theft. Back in June when Facebook began allowing members to claim vanity URLs, there were a lot of scammers snatching up big-brand names and cyber squatting in order to capitalize on the goodwill associated with the brands.
What Can You Do to Protect Your Nonprofit from Identity Theft?
- Manage your data carefully and consistently. With the vast amount of information available on the internet these days, it is a must that you find out exactly what information regarding your nonprofit is online.
- Check for the use of your brand name across popular and emerging social media websites. Grab your name before someone else does.
- Google yourself. Set up alerts related to your organization to see if there are any spoof sites (mirror sites) that have your information on them. In addition to your organization's name, consider alerts related to your original Web content, social media sites and key staff.
- Buy .org and .com domain names for your organization.
- Develop & implement an IT plan designed to prevent and manage a security breach. (See "Nonprofits and the Hacking Nightmare")
- Limit the employees who have access to sensitive information (EIN number, bank accounts and credit cards) and always encrypt sensitive data on your computer network.
- Regularly review your nonprofit's credit report and always carefully scrutinize employee charge card billing statements before they are paid, particularly those accounts for which multiple cards are issued.
- Guard check stocks like cash. Don't use preprinted check stock. Instead, encourage direct deposit, and regularly shred sensitive documents that you are not required by law to keep.
- Do not panic. One of the worst things you can do in a case of organizational identity theft is panic and make a series of moves out of fear and impulse. In the worst-case scenario, you should immediately contact your lawyer and the local authorities.
- Preparation. Last but not least, you should be prepared to fight for your nonprofit. Keep your documents organized, as a lack of physical evidence of ownership can make your case difficult to prove.