Skip to content

Identity theft, a threat that also affects startups

Digital threats are a reality and online identity theft is a very common technological crime to which anybody or any organisation can be exposed. For this reason, startups should be alert. We will outline several tips that can be taken into account to avoid these situations.

In the case of identity theft from internet users, fraudulent activities primarily involve scams, extortion or defamation. Companies and other bodies are also a perfect target for this type of theft.

Although every country works to raise awareness of cyber-security with projects, as the National Cyber Security Centre (INCIBE) does in Spain or the UK’s National Cyber Security Centre, identity theft remains one of the main threats online, as per the Threat Landscape Report 2018 by the European Union Agency for Cybersecurity (ENISA).

In the case of startups and other companies, it is very important to pay attention to the identity theft of network administrators, details the ENISA report. An attacker can remotely access a computer and operate as an administrator and, in this way, extract funds or data.

The other form that is still well used is e-mail fraud, also known as phishing. One of the most used techniques today is that of the Business Email Compromise, which consists of impersonating members of a company’s upper echelons by means of an e-mail. The person writing pretends to be someone from the executive of the company and asks for sensitive information. The European body advises us to be alert to suspicious words in the subject line, such as “payment” or “urgent”.


As the INCIBE explains, no company, no matter how small, should ignore the threats that may affect their security – they are not just putting themselves at risk financially, but they are also endangering their corporate image and the confidence that users may place in them.

With the implementation of the General Data Protection Regulations in Europe in 2018, companies’ concern about the data that they store on their users has also increased, according to the ENISA document.

That is why it is very important that, when starting up, companies include tools like secure connections with HTTPS protocol and encryption, particularly to protect users’ privacy on applications involving eHealth, insurtech and fintech. The use of biometric barriers, especially in banking, is also advisable to protect against counterfeiting and theft.

If in spite of taking precautions a startup ends up being affected by an attack, it is essential to make the relevant competent, specialist authorities aware of the facts. These bodies include the Spanish Technological Investigation Brigade and Action Fraud in the UK.

When a startup is still in its infancy it is very important that it provides all its members with training in basic issues of cyber-security within the digital culture, and in this way they should always be prepared. At insur_space by MAPFRE, we care about all the startups participating in our innovation programmes, and we promote knowledge about digital security in the entrepreneurial ecosystem.