Identity theft is nothing new but, thanks to more sophisticated hacking techniques and an increased reliance on technology, it’s getting worse. There was nearly twice as much identity theft in 2020 as 2019, according to a report by the FTC, with cases reaching almost 1.4 million. Many cybercriminals capitalized on the pandemic, using stolen information to apply for government benefits, unemployment compensation, and other federal COVID-19 relief funds.
Unfortunately, not only is this type of fraud becoming more common, but it’s also getting harder to solve. After all, we’re putting more data online these days, not less. And while protections are becoming stronger, criminals seem to remain one step ahead.
For decades, we’ve regarded identity theft as a personal problem. But, as it turns out, it’s a professional concern too.
Here’s how it can impact your employees and your organization as a whole:
Identity Theft Eats Away at Employee’s Time and Resources
When someone steals your identity, it’s up to you to solve it. From reporting the fraud to freezing your credit and accounts, there’s a lot of time-consuming activities associated with preventing further damage and recovering from theft. And that’s not to mention the emotional toll many people experience — especially if criminals emptied your accounts and destroyed your credit before you could take action.
Nearly 43% of victims are in debt as a result of the incident, almost 39% had to use their savings to cover their financial needs, and about 64% had problems concentrating, according to data shared in an Allstate report. So while employees may be physically at work after they’ve become victims of fraud, they’re often too distracted to achieve their typical level of productivity.
Additionally, employees may be using work hours to address their issues. (After all, not all financial institutions are available to help after hours.) According to one study, identity theft victims take an average of 175 hours of company time (the equivalent of 21 standard eight-hour workdays) to handle their cases. At the very least, you’re losing productivity from employees. But your employees’ identity theft can also affect your company more directly.
Cybercriminals Often Attack Employees to Gain Access to Company Data
In some cases, cybercriminals target specific individuals to get to their employer – or, more specifically, their employer’s wealth of sensitive data. For example, by stealing someone’s identity, you could gain access to their work account information and, thus, all the data stored within those systems. One well-targeted attack could lead bad actors to a virtual treasure trove of employee and customer data, which they can use for further attacks or sell on the dark web.
Many organizations are targeted for their size or notoriety, but even small businesses are at risk — especially because criminals might (correctly) assume they lack the sophisticated security held by larger companies. High-level executives and those in finance, HR, or legal departments are often most at risk because they also typically have the most direct access to sensitive information.
Photo by Christina @ wocintechchat.com
Employers May Be Liable for Employees’ Identity Theft
Another reason employers should care about employees’ identity protection is that, in some cases, they may be on the hook if bad actors steal employee data.
For example, suppose a criminal scams an HR professional into providing one or more employees’ W-2 forms (which isn’t uncommon). In this case, the company may be liable for any resulting identity theft — which could tally in the thousands or even millions. And while there’s no single federal law to cover any scenario of at-work identity theft, employers are often liable if their acts or omissions lead to an employee’s identity being stolen.
What Can Employers Do?
As an employer, your best bet is to protect your workforce with comprehensive identity theft protection. The best solutions spot early indicators of exposure or theft so employees can address the issues before they worsen. Additionally, you should have access to recovery support, so employees don’t feel like they have to rectify the situation alone. (Or spend dozens of company hours solving their problem.)
Of course, one of the most critical methods for stopping identity theft is educating your workforce and creating a culture of security. When all employees understand potential risks, as well as what sorts of behaviors can increase their chances of becoming a victim, they’re less likely to expose themselves or your organization to cybercriminals.
Bottom line: Democratizing security and protecting your team can save your organization and your employees the steep costs and immeasurable reputational damage associated with even just one case of stolen identity.