Pages

Mar 10, 2008

The spectre of workplace identity theft

Published on Wednesday, Jul 11, 2007
Nothing is sacrosanct anymore! Everything from an employee’s name, address, birth date to his bank account and credit card details are up for grabs.
How confidential are ‘confidential’ information records if all it takes is a few keystrokes and the complete identity goes for a toss!
It’s not technology to the rescue once again, infact the opposite is true as technological developments play spoilsport with people’s identities.
Identity theft is the crime of the century – the latest and most horrendous of a string of appalling white-collar crimes. Almost everybody is unsafe, as more and more data fraud cases are making international headlines by the day. A recent U.S. Federal Trade Commission study suggests that identity theft has doubled in the past year, as nearly 10 million Americans have been victims of identity takeover. On an average this costs individual victims $500 each and businesses an estimated $48 billion a year.
What’s more, the incidence is rapidly spreading to developing economies like India too. And shockingly, employee identity theft forms a whopping 90% of overall business record theft!
Hackers unscrupulously break into classified company information to steal employees’ identities. The personal details are sold off to bad elements who abuse the data to no end. They assume false identities to secure loans, gain employment, buy cars, rent houses, rack up debts and even perpetrate serious crimes.
Hapless victims are forced to legally change their names and details to prevent the nightmarish misuse. However, the worst damage is already done within the first few hours, while untangling from the mess takes years. Therefore, with the mounting scare of mortal embarrassment, financial mutilation, reputation blemishes and life devastation, is it any wonder that the general public is becoming increasingly paranoid about personal identity security? Afterall, what is more important than your name!
Asking for trouble
With identity thieves on the prowl like never before, personnel data is AT RISK! Sensitive employment information featuring in job applications, payrolls and employee records is ripe for the picking as companies carelessly permit open access to all and sundry.
Can the corporate world actually afford to be lackadaisical over data security concerns even now? Infact, the onus of security is on the organisation as vulnerable employees are looking to employers for adequate protection. As a top data security director, Bob Brand counsels, ‘It’s bad business not to protect to the best of our ability an individual’s personal information. Why would you want to work for a company that does not protect your information?’
Moreover, with rising legislation, in the near future companies will be held legally accountable and can be sued for identity breach.
Keeping out of reach
‘Identity theft is a crime of opportunity. Vigilance and awareness is essential in combating the fast growing non-discriminatory crime’, says Johnny May, a specialist in protecting individuals and organisations from identity theft.
Employers have to learn to protect their employees from the invasive crime. Moreover, as most data theft is from within the company’s rank-and-file, changing the negligent approach is more than warranted. Afterall, it’s a whole lot easier to keep the identity theft from happening than to repair the imminent damage.
For starters, determine where and how employee information is currently stored – in the form of paper files and spreadsheets, on executives’ computers or in online format. Then institute security measures like:
• Tightly control general contact with data files by reviewing who should and needs to have access. Restrict the access to limited staff with strict guidelines for those who have the authority to handle the personal-identifying information.
• Secure physical employment records. Basic security precautions such as alarm systems and locking storage areas where sensitive information is stored are often overlooked.
• Safeguard the digital information with sophisticated security measures like password-protection, data encryption and firewalls that keep intruders out by preventing unauthorised entrance.
• Train employees who handle the sensitive data about safe record keeping and preventing accidental disclosure.
• Conduct regular audit trails to track database access and isolate illicit/unnecessary retrievals.
• Do not request superfluous information from employees. Acquire reasonable details in a safe manner without any scope for incautious lapses.
• Dispose off sensitive personal data once it is no longer needed. Destroy sensitive matter in a shredder (papers tossed in the trash are a sitting duck).
• Scrutinise employee backgrounds especially for vulnerable jobs like HR and payroll that involve access to employee records.
• Limit ex-employee access to internal computer networks instantly to prevent unhealthy infiltration.
• Some companies employ third-party investigators to gauge organisational vulnerability and check identity thefts while some others institute in-house privacy officers too.
Also, employ additional safeguards like educating employees about how to keep their own identities safe - proper personal information disclosure and procedures for data protection with emails, newsletters, staff orientations, departmental meetings, workshops or conferences.
Finally, inspite of all the tech-savvy practices, no protection is completely foolproof. All that we can do is minimise the risks of identity theft, as eventually crooks will outwit the best security. James Van Dyke, president of Javelin Strategy & Research, USA concludes, ‘Fighting identity theft is a cat and mouse game – there’s always room for improvement!’

PAYAL CHANANIA

No comments:

Post a Comment