With 2017 recording an all-time high of over 1,500 data breaches, businesses have started taking measures to better protect their data. While the concept of protecting data is certainly not new, more companies are starting to realize the importance of not only protecting customer data, but employee data as well.
Employee data often holds more sensitive information than customer data, as company records often include data such as social security numbers (SSNs) and medical records. It’s far easier for hackers to steal an employee’s identity when they gain access to an SSN than if they steal an email address, credit card, or phone number—though that information must be safeguarded too.
As data breaches continue to increase—2017 saw a drastic increase of 44.7 percent from the breaches reported in 2016—companies must create best practices for navigating the cybersecurity landscape. Companies are also starting to understand the value of identity theft services as an employee benefit offering, because identity theft not only impacts productivity but also workplace happiness. A report by the Identity Theft Resources Center found that almost a quarter of respondents (22 percent) had to take time off work as a result of identity theft, with 30 percent saying they had lost interest in work/activities.
Below are some simple, but critical steps companies can take to better protect their employee’s identity.
Take the Time to Educate
Organizations spend a lot of money on cybersecurity technology, but they forget to equally invest the same amount of resources in training employees on proper cybersecurity practices and procedures.
For example, some employees don’t know the difference between identity theft and identity fraud. Identity theft is when personal information such as an SSN, driver’s license, or a combination of both is stolen with the intent of either assuming the target’s identity or reselling the stolen information to the highest bidder. For example, credit card theft is the most common form of identity theft. Identity fraud, on the other hand, occurs once there is an unauthorized use of the target’s information for personal gain, this can include opening a bank account, filing taxes, or receiving medical treatment using the victim’s information. Understanding the difference between the two types of theft can help employers protect employees against these crimes.
Teaching employees how to spot dangerous phishing emails or emails that contain malware is crucial as well. Tips like not simply trusting the display name of an incoming email, analyzing the greeting, and spotting requests for personal information can go a long way in teaching employees how to protect their data.
Establish Storage Protocols
Being a good guardian of employee data means having proper collection, handling, tracking, and sharing protocols. When dealing with employee data, it’s important to understand how you are taking in data. Evaluate your intake forms (for both employees and customers) and assess how the data is stored. It’s also smart to create separate locations for different types of data. This way the data is not as easily accessible during a breach. Creating constructions like tiered permissions or developing an Authorized Use Policy, which details who accesses information, is key too.
Also, it’s not just digital files that can be used to steal an employee’s identity. In this digital age, we tend to forget that paper documents are just as likely to be the cause of a breach as our digital files. A good tip is shredding any physical documents that are no longer needed.
Investing in Third-Party Services and Technology
Though education is critical, a business can only do so much on their own. When investing in new technology, there are two types of solutions businesses must consider: cybersecurity platforms and identity protection services. Both are necessary because cybersecurity platforms protect infrastructure against breaches while identity protection services can monitor the dark web to see if your information has been compromised and/or monitor your credit files to alert you to new activity such as new credit card accounts.
Not all identity protection services are created equal. The best ones come with access to assistance centers to help employees resolve identity theft issues as well as resource centers to help educate employees too. Employers' interest in identity theft protection services as an employee benefit is also on the rise, as companies have started incorporating the offer in financial wellness packages.
It’s never too late to reevaluate your company’s cybersecurity defense. While this list is certainly not exhaustive of all the steps a company can take to protect their employee’s data, following these guidelines ensures that employers are taking the burden of protecting their employee’s data seriously.