How Companies Can Protect Against Identity Theft

Corporate Data Security Challenges

Man stealing employee identities from a stolen laptop
••• photovideostock/E+/Getty Images

Identity theft resulting from stolen corporate data is big news. The extensive media coverage and damage to the organizations and brands involved in recent data security breaches has brought identity theft detection and prevention to the forefront of corporate America's concerns.

Given the amount of sensitive information their personnel files house, Human Resource departments in the corporate landscape have unique challenges. Awareness of data breach methods and the ways to thwart an identity theft attack are key to reducing the department's exposure. The HR department plays a key role—if not the key role in preventing employee identity theft.

Thwart Identity Theft

These strategies are recommended for HR professionals to thwart identity theft:

  • Educate employees about the appropriate handling and protection of sensitive employee data. Your frontline employees are key to protecting employee data.
  • Consistently enforce all policies and procedures, physical safeguards, and your IT security. All three of these approaches are required or data security is questionable and identity theft may occur.
  • Review and revise physical security practices as needed, in both your brick and mortar locations and your virtual operations. Policies should address all of the critical areas such as:
    1. Who is able to leave the office with file folders?
    2. Where is sensitive data stored and destroyed?
    3. Who has access to sensitive data?
    4. Are employees required to surrender their keys and badges upon leaving the company's employ?

    Identity Theft Victims

    Human Resource departments also need to be concerned about those who will become victims of identity theft. According to the Insurance Information Institute, the 2015 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 12.7 million U.S. consumers in 2014, compared with $18 billion and 13.1 million victims a year earlier. There was a new identity fraud victim every two seconds in 2014.

    These identity thefts will result in employees taking an average of 175 hours of work time to restore their identity following identity theft. This lack of productivity has been called presenteeism (being at work but not working on work issues).

    And, with increasing technology and sophistication, there are extensive networks of identity thieves whose sole purpose is to gain access to poorly secured organizational data and extract sensitive information—using means as simple as an unguarded laptop.

    Safeguard Employees Against Identity Theft

    To safeguard against these evolving identity theft threats, HR professionals need to:

    • Conduct background checks on employees.
    • Perform proper vendor screening.
    • Include breach of data protection clauses in your vendor contracts.
    • Have a pre-breach protection of sensitive data plan and a post-breach protection of sensitive data plan incorporated into their business continuity planning and their enterprise risk management planning.

    Identity Theft Insurance

    Organizations are discovering that adding a voluntary employee identity theft benefit to an existing benefit package adds value. This allows employees, as consumers, to have identity theft services available to assist them if or when their personal information is breached—whether at work or at home.

    Security-conscious companies enact proper identity theft policies to protect employee data and keep the company safe. They also offer similar options for their employees to demonstrate smart data security and to promote employee appreciation and satisfaction.

    Identity Theft Protection

    According to the FBI, identity theft is the fastest growing crime in America. The problem will get worse before it gets better. So the onus is on those organizations and departments housing sensitive employee information to improve their data protection through:

    • employee education and services
    • explicitly followed identity theft protection policies and procedures
    • a sound IT security infrastructure
    • a plan of action, for when—not if—a data breach occurs.

    Taking these precautions and using the approaches recommended in this article will help you to keep employee and company information safe. This is a win-win outcome for everyone and highly recommended. You can keep sensitive employee data safe if you are proactive in its protection.