#1 Rated Identity Theft Protection Service - PC World

Protecting Your Identity in the Workplace

It might be hard to believe, but the majority of identity thefts in the United States may actually start in the workplace. That's the conclusion of a University of Michigan study that found that as many as 75% of all identity thefts originate in workplaces across America.

And studies by the Privacy Rights Clearninghouse have also shown that year after year, as many as 80% of all data breaches are as a result of mistakes and crimes by employees in the workplace, and not by hackers

  • The FBI arrested a former senior financial analyst at Countrywide Financial Corp. employee who later admitted to stealing up to 20,000 personal customer records a week which he then sold for approximately $500 at a time. In total he's believed to have stolen the personal information of more than 2 million customers.
  • A former Texas Lottery Commission computer analyst was arrested for copying the personal data of Texas lottery winners. He downloaded his own work files off his computer and took them to his next job. The names and Social Security numbers of 27,075 mid-level lottery winners — people who have won prizes from $600 up to around $1 million — were on the employee's hard drive.
  • A former programmer at Birmingham, AL based Compass Bank stole a hard drive containing 1 million customer records and used some of that information to commit debit card fraud. The thief had used the information stolen from Compass Bank's database to create about 250 counterfeit debit cards. He was able to use about 45 of those cards to access and withdraw cash from customer accounts at the bank before he was arrested.
  • A former employee at one of the subsidiaries of Fidelity National Information Services pleaded guilty to stealing and trying to sell the personal financial records of 8.5 million customers, including credit card, bank account and other personal information.

Careless employees can also be a threat. A laptop computer containing limited health information on 100,000 patients was stolen after an employee left the laptop in his car. Included were 7,400 patients whose Social Security numbers were stored on the computer. One of the biggest data breaches in Britain was traced to a government employee who lost a set of computer tapes containing the personal information of almost every taxpayer in the country. And the Bank of New York Mellon admitted that it lost a backup tape containing information on about 12.5 million consumers.

Employees are not the only threat, and many data breaches and identity thefts have been committed by third parties and contractors. For example, a laptop was stolen from a third-party vendor that managed job applications for the Gap group of stores. A laptop contained the personal data, including Social Security numbers, of approximately 800,000 people who had applied for jobs at the Gap.

Typical workplace threats include:

  • Stealing a check from the back of your checkbook in the hope that it will be weeks or months before you notice the check missing.
  • Copying credit card numbers from your purse or wallet when you're away from your desk.
  • Accessing other personal information in your purse or around your workspace.
  • Stealing your Social Security number and other information from your personnel file.
  • Stealing your password and using it access and download customer information without permission.
  • Breaking or ignoring security rules that accidentally expose your personal information to others.

There are many things you can do to protect yourself, your co-workers, and your employer from identity theft in the workplace, and most simply require a little extra vigilance:

  • Take personal responsibility. Whatever precautions your employer takes to protect your information and identity, you should also take your own precautions for that extra layer of security.
  • Protect your computer. If your employer doesn't already protect your computer and the information on it, ask if you can install approved security to help protect any sensitive information on the computer.
  • Protect your password. Your password can be vulnerable not only to hackers and other external threats, but also to insiders including fellow employees, contractors, maintenance staff and even visitors.
  • So keep it safe and confidential and don't be tempted to keep it written down and stored near your workspace.
  • Avoid storing personal information on work computers. Don't store personal information like tax returns or financial statements on a work computer.
  • In most organizations this would be against company policy anyway but don't be tempted to take personal information to work for any reason.
  • Protect your laptop. Always protect your laptop, whether it's your personal laptop or a company computer, and especially if it contains any sensitive personal or company information.
  • And don't leave it lying around the office — many of the data thefts and security breaches reported in the last year resulted from the theft of employee laptops from the workplace.
  • Avoid accessing personal accounts from work. Even if you know your work computers have security installed, it's still not a good idea to access personal financial accounts from work because it could expose your login and password details to hackers or even other employees.
  • Protect your purse or wallet. Many identity thefts have been traced to the theft of checks, credit cards, and credit card numbers from employee desks. So remove the temptation by always protecting your wallet or purse while at work and especially during lunch and other breaks.
  • Don't use personal passwords for work tasks. Avoid using personal passwords at work, either to access personal accounts from work computers, or using the same passwords for work and personal use. Any security breach at your workplace could end up exposing your personal accounts.
  • Be alert for social engineering attempts. Social engineering is used by hackers to trick employees into revealing sensitive information like passwords, often by simply placing phone calls or sending emails to employees and posing as an IT administrator resetting employee passwords.
  • Watch out for walk-ins. Always be vigilant for visitors, contractors, or anyone else who walks into your office. Many id thefts are walk-ins — a thief walking into an office posing as a visitor, contractor, computer technician or even delivery driver and walking out with a laptop, server or unattended purse.
  • Be careful with new employers and job interviews. In one case the CEO of a New York computer company used the Social Security numbers of his employees to obtain new credit and obtain more than $1 million in fraudulent loans.
  • Be wary of email requests and workplace phishing schemes. Identity thieves are increasingly using "spear phishing" schemes that target specific organizations using emails, logos, and language to mimic the organization and trick recipients into revealing sensitive information.
  • If you receive such emails, check with a supervisor or manager first, or simply ignore. The worst that can happen is you'll be applauded for your vigilance (I hope).