How to Thwart Identity Theft in the Workplace
The COVID-19 pandemic forced many Americans to work from home — a situation identity theft criminals have used to their advantage.
Stanford economist Nicholas Bloom conducted several nationwide surveys and has found an emerging economic reality during the COVID-related economic shutdown.
“We see an incredible 42 percent of the U.S. labor force now working from home full-time,” Bloom told Stanford News, a Stanford University publication. ” …. So, by sheer numbers, the U.S. is [now] a working-from-home economy. Almost twice as many employees are working from home as at work.”
Working from home may be convenient and productive, but it presents a significant risk which has become magnified by the scale of people now working from home. The problem is that these telework situations are easy targets for thieves who specialize in identity theft, allowing them to take advantage of the access employees have to employer records.
Identity Theft
The U.S. Department of Justice defines identity theft and identity fraud as crimes in which someone “wrongfully obtains and uses another person’s personal data” for their own economic benefit. Common examples of this type of crime include when criminals:
- Charge purchases to another person’s credit card
- Open new accounts
- Take money out of bank accounts
- Apply for loans
- Take over another person’s identity running up huge debts and destroying the victim’s credit
To commit these crimes, the criminals only need one of the following items:
- Social Security number
- Direct deposit bank information
- Credit card number
- Credit histories
- Job applications
- Background reports
- Payroll and tax records
- Other identifying data
Preventive Measures
Unfortunately, some criminals are employees. Anyone who has access to these files can commit identity theft, including human resources employees, accountants, bosses, temporary workers or even cleaning staff. Terminated employees might be tempted to take revenge by stealing information.
To minimize risk, protect sensitive information using the following methods:
- Hard-copy personnel and customer files should be kept in locked cabinets.
- Computerized records must be password protected.
- Access should immediately be revoked for any terminated employees.
- Social Security numbers should never be used as identifiers.
- Background checks should be conducted on employees and job candidates who will have access to sensitive information. The Fair and Accurate Credit and Transaction Act requires employers to dispose of job applicants’ credit reports.
It’s also important to review your off-site cybersecurity. Many employees have never worked from home and don’t know how to protect their Internet connections.
First, though, make sure your company’s systems are protected by:
- Installing anti-virus and other software to protect against spyware and other malicious codes.
- Using a Virtual Network with Multifactor Identification (VPN) to hide your real IP address, which hides your online identity and protects your data from hackers.
- Securing the contents of your networks with a firewall to encrypt your information.
- Using passwords and giving access to certain information only to those who really need that information to do their jobs.
- Establishing policies on how to handle and protect personally identifiable information.
- Making backup copies of important business data and information.
Once you have these measures in place, instruct your employees to use strong passwords and change them often. They also should install security software on their home computers and stay current with the latest updates.