Can Your Personal Information and Identity Be Stolen at Work?
Your identity has a lot of value, especially in the wrong hands. As unfortunate as it is, employers have a lot to do with the stolen identities of their employees. Good cyber risk management helps to avoid making your organization the root cause of an identity theft situation. This article will explain why cyber hackers aim to steal identities from workplaces and how you can provide an adequate defense on behalf of your employees.
Identity theft is not a joke- 15 million individuals suffer every year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.
Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2022, $56 billion dollars were accumulated by cyber criminals through identity fraud. What does that mean for the average person? On average, victims of identity fraud had $4,841 dollars stolen per victim. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.
Who's Responsible for Employee Identity Theft
Employers are responsible for a great deal of personal and private information regarding their employees. Employers have a responsibility to protect employee information, whether employees like it or not. Third parties may want that information for a variety of reasons, some of which are bureaucratic, financial, nosy, or even dangerous.
In dealing with these realities, employers should try their best to keep some important basic principles in mind:
All information relating to an employee's personal characteristics or family matters is private and confidential.
Information relating to an employee should be released only on a need-to-know basis, or if a law or court requires the release of the information.
All information requests concerning employees should go through a central information release office within your organization.
How Employee data gets stolen
There are plenty of ways, but here are a few popular methods:
- Public Wi-Fi
Hackers can pick up credentials via public Wi-Fi and public PCs. With SMS services like the one we offer here at Centre Technologies, networking devices automatically get network security management- which provides defense against public wifi hacking attempts.
- Credit Card Skimming
A process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal. Another benefit of Centre's SMS service includes On-Demand CISO consulting for implementing best practices for security, incliding POS and card terminals to avoid this very hacking method.
- Disposal of Equipment
Selling or discarding used computer equipment that isn't properly wiped can expose personal information. With Centre's secure by default Project Services, during technology refresh projects we uphold certain standards for the decommissioning of servers and workstations to ensure that during the disposal of equipment, your data is still protected.
- Hacking Networks and Databases
Hackers can infiltrate networks and databases. Yet another benefit of Centre's SMS service includes sercure by default Active Directory management to actively prevent situations just like this.
- Dumpster Diving and Paper Mail Theft
A variety of illegal uses can be made of your identity information when dumpster-diving identity thieves root through your trash. Relying on a more traditional environment has its consequences in this day and age and unfortunately, paper mail theft and dumpster diving are prevalent. Migrating to cloud services like Microsoft Azure and Microsoft 365 for document storage and archiving puts up a major wall of defense against this activity. In addition, it's always good to secure document shredding and switching from receiving paper mail to email.
- Malware and Viruses
A very popular vessel that hackers to use to commit identity theft is malware. Criminals use malware on your devices because it enables them to linger in the background of your device, stealing personal information stored on your device like usernames and passwords, bank account numbers, or even your Social Security number. With the utilization of Endpoint Detection and Response (EDR) with NextGen Antivirus tools (that include ThreatLocker Application, Data Storage, and Elevation Controls)- you protect your business on all sides from this kind of activity.
Phishing is the act of sending a fraudulent message designed to trick a person into revealing sensitive information or to deploy malicious software. A simple way to avoid getting impacted by this chosen method of identity theft is to make sure your employees are knowledgable of it at all with Employee Security Awareness Training.
What do you do if your identity is stolen?
Almost half of all reports of identity frauds are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.
You don't want to risk identity fraud. Monitor credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running latest security updates and antivirus, as well as other security measures.
Be a thought leader and share:
About the Author
Organizations entrust Centre with protecting their technology ecosystem and strengthening their security posture. Centre’s cybersecurity and compliance solutions delivers layered IT security to protect businesses’ employees, customers, and content from known and unknown threats. Through employee awareness training, detailed security assessments, and 24x7 threat containment, Centre is a trusted partner for businesses seeking comprehensive network and data protection. Learn more about Cybersecurity and Compliance »