Are You Employing an Identity Thief?
People generally think of identity thieves as masked men who resemble the classic definitions of criminals or burglars depicted on the big screen. But as the fastest growing white collar crime in America, identity thieves are more likely to look like the clean cut, smiling people you employ.
With somewhere between 50-70% of all identity theft cases occurring in the workplace, employee privacy is more important than it has ever been before. As is customer and client privacy. Your primary concern as an employer should be identity theft protection. Why? Because new laws recently went into effect that could hold you responsible should a data breach that results in identity theft or credit card fraud occur on your watch.
The number one source of information in identity theft cases is stolen employee records. Occasionally, records are stolen by hackers who break into company systems and access records, but far more employee records are stolen from an insider. That means someone on your payroll may be illegally using company resources for his or her own gain and defrauding other employees all at the same time.
Here are seven steps you can take to begin the process of making sure you don’t unknowingly employ an identity thief.
Weeding Out Potential Identity Thieves
1. Perform thorough background checks on employees. If you are like many employers, you ask for references but you don’t check them. And you may or may not run credit and criminal reports on seemingly nice people. But performing routine checks like this are important not only to making sure that potential employees don’t have a previous criminal background, but also to verifying that potential employees really are who they say they are. Social security number fraud is a hot crime right now, and it is especially popular among people who may not be able to obtain a green card and among those who are trying to escape a painful past of some sort. Do not blindly assume that because someone seems nice, or knows someone you know that he or she doesn’t need to follow proper protocol when it comes to background checks. Do yourself a favor and implement a blanket policy that all potential employees must be subjected to. It will be easier to spot red flags that way.
2. Monitor all handling of sensitive information that takes place within your company. It may be tempting to simply allow people to do the jobs you hired them to do without ever looking into exactly what they are doing or how they are doing it. But, it’s important that you ensure that your employees correctly acquire, access, store, dispose of and distribute sensitive information correctly. You can read some practical tips on safeguarding information in other articles in the Business Solutions section.
3. Create a privacy department or designate a privacy person within the company. Having a primary contact person or department devoted solely to the issue of privacy can be helpful for many reasons. Primarily, this person/department can create and implement a companywide policy for the safe and secure handling of information, while also facilitating companywide training sessions on the proper handling of sensitive information. Having a primary contact person or department also creates open lines of communication between employees so that if one employee notices or suspects suspicious behavior from another employee, he or she has someone to report it to who can investigate it further.
4. Screen all cleaning services or temp agencies you contract with. Many employers implement some sort of screening process with their own employees, but they are noticeably more lax when it comes to companies or contractors they simply partner with. This can be a big mistake as those people often find themselves with access to information that can lead to identity theft. For instance, if one of your employees carelessly (or accidentally) threw a receipt for a business lunch in the trash and it had credit card information on it, a person from the cleaning service could easily extract that receipt and steal that information. Don’t be afraid to press contractors you partner with when it comes to background information, and if possible include them in any training sessions you have for your own employees on the safe handling of information.
5. Conduct unscheduled safety walk-thrus on a consistent basis. Employees may be offended or upset when you first begin the practice of checking up on whether or not they are following proper protocols for the safe handling of sensitive information. But if you implement this practice shortly after a training meaning on the new company privacy policies and you make sure all departments are subjected to a walk-thru then people will not feel singled out. Rewarding employees and departments who pass the checks with satisfactory or excellent marks might even boost employee morale and encourage others to take the new practices and protocols seriously as well. Having a designated privacy department or person comes in handy here as it provides you with the manpower to actually implement something like this on a regular basis.
6. Have a written policy for handling private information. Having a written policy for the proper handling of information that all employees must sign not only gives them something they can constantly refer back to as they are handling private information, but it also provides you with something you can refer back to in conversation with an employee who has violated the policy. It is also a good idea to outline what behaviors constitute the grounds for firing and what the warning and consequence structure is for other minor infractions.
7. Use electronic audit trail procedures to monitor how employees are really handling information. Employing the use of a system like this will help you keep track of whether or not employees are accessing sensitive information from PDAs or personal home computers (or via company laptops when they are at home). This will make it easier to detect any potential data breaches or unsafe practices that need to be brought to your attention.
When it comes to privacy practices that may help prevent identity theft, laws are consistently getting stricter. That means identity theft has become a problem you can no longer ignore. Make sure you begin taking steps toward implementing the above mentioned practices (and others like them) as soon as possible so that your employees and customers are protected, and by default you are too.
