Businesses and employees are often major targets of identity theft and cybercrime.
And there are three reasons why.
When it comes to cybercrime, businesses are easy targets. They typically hold a massive amount of employee and consumer data as well as banking and partner information. If a hacker breaches a company's system and gets hold of the data the company is storing, they have the potential not only to put the company out of business, but also to cause major damage.
A good amount of damage can also come from business identity theft. According to businessidtheft.org, "...business identity theft involves the actual impersonation of the business itself. It can occur through the theft or misuse of key business identifiers and credentials, manipulation or falsification of business filings and records, and other related criminal activities intended to derive illicit gain to the detriment of the victimized business; and, to defraud creditors and suppliers, financial institutions, the business' owners and officers, unsuspecting consumers, and even the government."
Lastly, business employees are regular targets of identity theft because they often lack security training, have personal information to steal, and they often know company passwords and other vital company information that can also be stolen. Cyber criminals and identity theft criminals can target employees via email, websites, and even phone calls.
So, what should you do to protect both your identity and the company's identity while working? We asked a few identity theft and cybersecurity experts to give some tips.
Here's what they said.
Keep an eye on emails
"Be mindful of calls, emails, or texts asking details about your workplace, or your personal life. Some try to fake HR divisions of employers or management companies such as ADP payroll or WageWorks for other benefits; always ensure the numbers and email correspondences match the official website and have 'https' as the URL prefix." — Dennis Chow, CISO of SCIS Security
"Phishing and the more specifically tailored spear phishing are the most common ways that malware that can lead to identity theft is downloaded. Learning to recognize spear phishing emails, using security software intended to screen out phishing emails (although the software is far from perfect) and refraining from clicking on any links unless they have been confirmed to be legitimate are crucial steps in protecting yourself from identity theft. In addition, people should consider limiting the personal information that they make available through social media which can provide information to be used to fashion spear phishing emails." — Steve Weisman, Identity Theft and Scam Expert
"Report any suspicious emails to your company's IT or Cybersecurity team. The team will be able to confirm the phishing attempt and prevent any additional attempts from that email." — Cameron Williams, Co-founder and CTO of OverWatchID
Don't skip out on training
"Get security training. Often, employers provide education about security vulnerabilities, like e-mail phishing, ransomware programs, and social engineering." — Mike Brengs, Managing Partner of Optimal IdM
"Staff should be trained on identifying and disposing of phishing emails. Never click on links or attachments in unsolicited emails, always double check the sender's email address — not just their display name — and never give anyone private information over email." — Paul Bischoff, Privacy Advocate at Comparitech.com
Be careful when giving out information
"Use secure methods of communication when having to transmit sensitive or confidential details to your workplace office such as encrypting your documents with a password, and then giving the password over a separate medium such as text or phone (do not use passwords that you use for yourself)." — Dennis Chow, CISO of SCIS Security
"Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information. Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email. Don't send sensitive information over the Internet before checking a website's security." — Mike Brengs, Managing Partner of Optimal IdM
"The first step is to know your rights as an employee. Depending on where you live, you may be protected from granting your employer access to your social media accounts, for example. Employers are also limited as to what information they can request as part of a background check. Employees in the US are generally protected by law from wiretapping and other communication monitoring while at work without consent." — Paul Bischoff, Privacy Advocate at Comparitech.com
Pay attention to passwords
"Create the best passwords that are hacker-proof but easy to remember. Bonus if there's a trick to making a different password for different accounts but a way to remember them all. The best passwords contain at least 12 characters. Mix up the letters, numbers, and symbols as much as possible. For example, consider using a $ instead of an S or a * instead of a vowel. The newest trend in password safety is the use of password phrases. Instead of simply using a word with a mixture of letters, numbers, and symbols, use a relatively long phrase but one you can remember." — Justin Lavelle, Chief Communications Director of BeenVerified
"Password Maintenance. By password maintenance, I mean, regularly updating your passwords across your life (accounts, phones, etc.) with a minimum of yearly review. Most users I run across use the same password across all of their portals, which is scary because using the same password now becomes a threat vector to the workplace and can compromise the employer too. Password managers can help with this. As a security professional, I prefer 1Password because I can control the database across my devices and no other entities have access to it, for a one-time/lifetime fee where many password managers have subscriptions etc. I also get asked what is a good best practice/industry standard for passwords and I mention 8-64 character length with complexity and the use of password managers." — Derek Iannelli-Smith, vCIO and Founder of Outsourced CIO, LLC
Be smart with security questions
"Use nonsensical answers for security questions. Common security questions have answers that can be readily found online by a determined identity thief; however, there is no rule that requires you to use your mother's actual maiden name as the answer to the security question as to what is your mother's maiden name. Instead, you can use something nonsensical like 'firetruck' which is silly enough to remember and will never be found by an identity thief." — Steve Weisman, Identity Theft and Scam Expert
"If you’re answering security questions on a website, social media account, etc.—never simply answer a question with one word that can be easily hacked. If you’re asked for the name of your first pet and the pet’s name is 'Ben', instead of simply typing 'Ben,' make it harder to crack by using 'B*n#1.' This would take a tremendous effort for decoding." — Justin Lavelle, Chief Communications Director of BeenVerified
Get the right protection
"Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. Take advantage of any anti-phishing features offered by your email client and web browser." — Mike Brengs, Managing Partner of Optimal IdM
"Whatever cloud service you are using, enable threat protection. Because I am an Office 365 fan, many of the products and features of the subscription accommodate 2FA, Password maintenance, and policies that can be pushed down an organization based upon industry standard templates (PHI, PII, PCI DSS, HIPAA, GDPR, etc.). These policies can be pushed throughout the entire ecosystem (OneDrive, Email, Azure, etc.)." — Derek Iannelli-Smith, vCIO and Founder of Outsourced CIO, LLC
"Install a good firewall and anti-virus software, enforce a strong password policy and limits on who has access to your systems." — Justin Lavelle, Chief Communications Director of BeenVerified
"Use ad blockers to prevent malware from being downloaded merely by employees going to infected sites." — Steve Weisman, Identity Theft and Scam Expert
Key Takeaways: Protect your identity in the workplace with these steps
• Keep an eye on emails
• Don't skip out on training
• Be careful when giving out information
• Pay attention to passwords
• Be smart with security questions
• Get the right protection
Regardless of where you work, you should always strive to secure both your information and your employer's information. Identity theft is an advancing crime and continues to be a major threat to employees and businesses alike. It's highly recommended that you follow the tips above and do your own research on avoiding identity theft in and out of the workplace.