Identify Fraud Can Happen Any Time...Even At Work

Can your identity be stolen at work? Can Business Email Compromise (BEC) happen at work? YES! The answer is, unfortunately, yes. But with the right measures in place and educating your staff on those protocols, you can avoid future issues. Your identity has a lot of value, especially in the wrong hands. As unfortunate as it is, employers  have a lot to do with the stolen identities of their employees. Good cyber risk management helps to avoid making your organization the root cause of an identity theft situation. 

Contrary to popular belief, identity theft is a little different than identity fraud. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.

Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2023, identity fraud losses increased by 38%, equaling $4.57 billion dollars nationally. On average, victims of identity fraud had $4,841 dollars stolen per victim. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.

Ways Employee data gets stolen

Employers are responsible for a great deal of personal and private information regarding their employees. Employers have a responsibility to protect employee information, whether employees like it or not. Third parties may want that information for a variety of reasons, some of which are bureaucratic, financial, nosy, or even dangerous. 

There are plenty of ways, but here are a few popular methods:

1. Public Wi-Fi
   This might be the easiest way criminals steal sensitive data. Especially post COVID, when remote work has begun to travel to the coffee shops. Hackers can pick up credentials via public Wi-Fi and public PCs. However, with the right solutions in place, networking devices automatically get network security management- which provides defense against public Wi-Fi hacking attempts. 
   
   
2. Phishing
   Phishing is the act of sending a fraudulent message designed to trick a person into revealing sensitive information or to deploy malicious software. Add that to the rise in Business Email Compromise (BEC) attacks that are crippling businesses across the country, this becomes a problem that's causing lots of small-businesses to sit up and listen. A simple way to avoid getting impacted by this chosen method of identity theft is to make sure your employees are knowledgeable of it at all with Employee Security Awareness Training. 
   
   
3. Credit Card Skimming
   Do you have a company credit card? Do your employees? Maybe your ears just perked up. Card skimming is a process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal. Regardless of whether or not you trust your employee with that card, can you trust the card terminal they're swiping their card through? A benefit to our solution to this problem is On-Demand CISO consulting for implementing best practices for security, including POS and card terminals to avoid this easy-to-do hacking method.
   
   
4. Disposal of Equipment
   Selling or discarding used computer equipment that isn't properly wiped can expose personal information. With Centre's secure-by-default Project Services, during technology refresh projects we uphold certain standards for the decommissioning of servers and workstations to ensure that during the disposal of equipment, your data is still protected. 
   
   
5. Hacking Networks and Databases
   Hackers can infiltrate networks and databases easier than you think. With the world going more and more digital every day (cars even, can you believe it?), it's easier and easier for people to hack anything from your phone to you company. A clear benefit our solutions includes secure by default Active Directory management to actively prevent situations just like this. 
   
   
6. Dumpster Diving and Paper Mail Theft
    A variety of illegal uses can be made of your identity information when dumpster-diving identity thieves root through your trash. Relying on a more traditional environment has its consequences in this day and age and unfortunately, paper mail theft and dumpster diving are prevalent. Migrating to cloud services like Microsoft Azure and Microsoft 365 for document storage and archiving puts up a major wall of defense against this activity. In addition, it's always good to secure document shredding and switching from receiving paper mail to email.
   
   
7. Malware and Viruses
   A very popular vessel that hackers to use to commit identity theft is malware. Criminals use malware on your devices because it enables them to linger in the background of your device, stealing personal information stored on your device like usernames and passwords, bank account numbers, or even your Social Security number.  With the utilization of Endpoint Detection and Response (EDR) with NextGen Antivirus tools (that include ThreatLocker Application, Data Storage, and Elevation Controls) - you protect your business on all sides from this kind of activity.  
   
   

What do you do if your identity is stolen?

Almost half of all reports of identity frauds are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.

In dealing with these realities, employers should try their best to keep some important basic principles in mind:

1. All information relating to an employee's personal characteristics or family matters is private and confidential.

2. Information relating to an employee should be released only on a need-to-know basis, or if a law or court requires the release of the information.

3. All information requests concerning employees should go through a central information release office within your organization.

You don't want to risk identity fraud. Monitor credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running latest security updates and antivirus, as well as other security measures.

If you need help or maybe this seems like something you should outsource to make sure you're not subjected to, contact us today and we'll get you one your way to better protection.