Protecting Your Employees Against Identity Theft
Most of us have read a dozen or more articles about identity theft. So most of us know this crime is fairly simple to commit, and that perpetrators are seldom caught and prosecuted. Tragically, most of us also know someone – a close friend or relative – who has been a victim of this crime.
The stories we hear about their experiences are heartbreaking. They talk about the tremendous amount of time it takes to retrieve one’s credit reputation … the expenses involved in rebuilding lives … the awful feelings of shame, contempt and betrayal.
If you think it couldn’t be worse, imagine that those people are your employees, and that your company is the source of the information leak that made them victims. Now it’s your turn to feel rotten.
As employers, we have a duty to safeguard the personal identity information in our employee files, and it’s simply good business practice to help our people safeguard it themselves. Here are ten suggestions – call them reminders – how we can do a better job of protecting our people from credit card fraud and other crimes involving personal identity:
Lock it up
Keep employee records where they cannot be seen by passersby during the work day, and control access to them by knowing who has the keys and the computer access codes. Secure these codes and any company credit cards carefully.
Control access to your business premises
Nobody likes to wear an ID badge, but as our companies grow more unfamiliar faces show up. Some of them might not be employees, so it’s wise to make certain everyone knows who’s who around the office.
Vendors and other visitors should be identified in some way, if only to show them that they don’t have free range of the place. Employees who have been coached to ask, “May I help you?” will usually find that the stranger is a vendor, an employee’s spouse, or another employee they’ve not met; if it’s a thief, however, that person will at least be aware that he or she has been noticed and can be identified.
Watch the mail room
Incoming and outgoing mail can contain valuable identity information. Access to it should be off limits to vendors and visitors.
Shred it
All paper that contains employee identity information should be shredded. Of course, if you are dealing with customers’ credit cards, you probably do this already. If the job gets too big to handle on-site, rent a container from a document destruction company and have them shred your discarded materials. Destroy old disks, too.
Donate it carefully
When you replace a computer and decide to donate it to a school or charity, be certain that its hard drive has been stripped of all information that you don’t want to have leave the firm. And remember that simply pushing the “delete” button might not do it; the hard drive should be wiped clean by using a utility program designed for this purpose. The same is true of old hard drives that you’ve replaced. Note also that the disks in a hard drive that has crashed still may contain a lot of retrievable data.
Store computer codes safely
In many offices, you can find one or two computers with access codes pasted right on them, or on a wall calendar nearby. This makes identity theft too easy. And the codes for a portable computer should not be kept in the briefcase or travel bag that contains it. Security codes should not be stored on the hard drive in a portable computer, or on a PDA that might be easily lost.
Provide safe storage
Another thing you’ll find in many offices is purses or wallets lying on desks. They’re an invitation to steal more than the cash in them – the credit cards and identity materials that have much greater value. A scammer with identity theft in mind might even leave the cash and cards, collecting only the identifying information. In that case, the owner won’t know about it for a long time, and probably will never know how it was stolen.
Get it back
Be sure to recover all keys, company credit cards, magnetic access cards and other company property from departing employees. If a former employee cannot be reached, cancel the credit cards at once.
Spread the word
Encourage employees to check their credit reports periodically for evidence of fraud, or to subscribe for one of the credit-surveillance services offered by the big credit agencies.
Prepare for the worst
When you travel, know how to contact others at the company or at their homes so that someone can report the loss of company credit cards promptly. And if more than one employee reports an identity theft incident, it would be wise to have everyone check their credit report. Knowing your company is the source of an employee’s identity leak would be bad; not knowing it could be worse.