Identity crisis: Identity theft hurts organizations too
Picture this: It’s 2019, and a woman is charged by the U.S. Department of Justice for using stolen identities to snag employment and healthcare services.
But this isn’t your typical identity theft case. This woman used the personal information of over 400 individuals, including their social security numbers and birth dates.
The impact of her actions was nothing less than staggering.
Not only did the victims suffer damage to their credit scores, but they also lost job opportunities. Worse still, they struggled to access healthcare services they were entitled to.
And it wasn’t just the victims who suffered.
The victims’ healthcare providers and employers also faced significant damage to their reputations, and financial losses.
One person’s actions resulted in hundreds of lives being turned upside down.
One person’s actions resulted in countless organizations’ reputations and bank balances being shredded. And needless to say, that took its toll on each organization’s people.
One person’s actions = widespread misery.
And . . . it was totally preventable.
The truth is: Employment identity theft just keeps showing up. And no one is immune.
And as with the horror story above, it comes with devastating consequences.
But that’s why we’re about to cover what employment identity theft is, how it happens, and what you can do to protect yourself and your people.
And we’re going beyond basic obvious advice. Because we’re working with the very latest statistics from “Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report”.
And we’re about to serve up the highlights and insights!
Why does identity theft matter to organizations?
So, what do we mean when we say identity theft? (Other than a real bummer and a sneaky trick?)
It all starts when a cybercriminal gets their grubby little mitts on someone else’s personal info.
They might even use their stolen identity to whip up some other forms of fraud, like opening up a shiny new credit card account or filing a bogus tax return.
Obviously, any such event is a total nightmare for the poor victims. You wouldn’t wish it on anyone, not even your dentist.
But . . . why does this matter to you and your organization?
Well, imagine one of your organization’s people gets got by an employment identity thief.
And the thief then uses that stolen identity to land a job at your organization.
Yep. Suddenly, your whole organization is at risk of data breaches and financial fraud. And bad times are, indeed, ahoy.
How does employment identity theft happen?
According to the Identity Theft Resource Center, there were 316,500 reported cases of employment-related identity theft in the United States in 2020 alone.
That’s a chunky increase of 8% from the previous year.
Employment identity theft can occur in several ways.
For example, a thief might steal someone’s personal information from a data breach or a phishing scam. They might also snag the information from a lost or stolen wallet or mail (ooh, vintage).
Phishing campaigns can help criminals harvest the information they need to steal employee identities.
In the most common scenarios, criminals send fraudulent emails to targets purporting to be from a legitimate company, such as your employer, bank or building society. The emails are often rudimentary… but they use psychological concepts to lure you in nonetheless.
The emails might claim criminals are attempting to access your bank account, for example, eliciting panic. And once your emotions take over, criminals offer you a simple resolution:
Click a fraudulent link. Land on a fraudulent website. Verify your name, email address, date of birth, national insurance number and perhaps even a PIN. Do so and you can immediately let go of your worries.
But of course, the entire tale is fabricated. As opposed to securing your account, “verifying” your details actually hands them over to criminals. And, armed with your personal information, criminals can steal your identity.
Or, they can do it through what’s catchily known as “synthetic identity theft,” which essentially involves creating a new identity using a combination of real and fake information. In these instances, the thief uses whatever information they can get from you, such as a real social security number and a fake name or date of birth, to apply for employment or benefits, purporting to be you …cunning, eh?
Similarly, employers can also unwittingly contribute to employment identity theft by not properly vetting new starters. Or they can mess up by sharing sensitive information with third-party vendors.
Identity theft: The statistics
The 2022 Oh, Behave! report is based on a survey of 2,000 people from various age groups and industries like healthcare, finance, and retail. It aims to suss out folks’ attitudes and behaviors towards cybersecurity and identity theft, and how these issues impact their lives.
And let us tell you, people had plenty to say about identity theft. Brace yourself.
24% of respondents had experienced identity theft.
57% of those who had experienced identity theft had suffered financial losses as a result.
62% of respondents said they use the same password for multiple accounts.
70% of respondents said they have not changed their password in the past year.
42% of respondents said they have shared their password with someone else.
31% of respondents said they have used a public Wi-Fi network to access sensitive information.
64% of respondents said they do not use two-factor authentication to secure their accounts.
22% of respondents said they have had their personal information exposed in a data breach.
The impact of employment identity theft
The fallout of employment identity theft can be devastating for both the victim and the organization.
The victim can lose their job and their credit score can get dented. They might also be held liable for taxes or benefits fraudulently obtained in their name.
Again, the 2022 Oh Behave! report reveals identity theft’s hefty impact on people’s lives.
Nearly half of the respondents who’d experienced identity theft reported feeling stressed and anxious as a result. And over a third reported feeling violated and helpless
Additionally, identity theft often leads to financial losses, with 23% of respondents reporting that they had lost money as a result of the theft.
But . . . the impact is not limited to individuals. 44% of businesses reported that they had suffered financial losses due to identity theft. The report highlights the need for greater awareness and education about identity theft, as well as stronger security measures to prevent it from happening.
For an organization, employment identity theft can lead to a whole host of bad stuff. Things like reputational damage, loss of customer trust, and financial losses due to fines, lawsuits, and lost productivity.
It can also put a sizable dent in the morale and productivity of co-workers. They often feel violated, or mistrustful of their employer’s ability to protect their personal information.
How to protect your organization and people from employment identity theft
The good thing is: There are a few ways you can protect your organization and people from employment identity theft.
Use protection
Today, the most security-savvy employers offer identity theft protection services as a job benefit. These can include credit monitoring, identity guard, and insurance coverage if the worst happens.
Educate
Train everyone on how to recognize and avoid phishing scams, social engineering, and other types of cyber threats. Encourage them to use strong passwords, two-factor authentication, and to be wary of suspicious emails or phone calls.
Snoop (responsibly)
It’s important to conduct background checks on new starters to ensure they are who they say they are. This can include verifying their education, employment history, and criminal record. It’s also important to monitor your own data, such as credit reports and bank statements, to detect any unauthorized activity. Consider using an identity theft protection service to help monitor your personal information and alert you to any suspicious activity.
Self-defense
Ensure that everyone knows to do data protection. Help them know how to identify and report suspicious activity. This can include regular training sessions on topics such as password management, phishing scams, and social engineering attacks.
But it doesn’t stop there—training isn’t everything and you need to make it easy for people to do the right thing at the right time.
The little plan that can
In the event that an identity theft does occur, it’s important to have a plan in place for how to respond. This can include alerting law enforcement, filing a report with the Federal Trade Commission, and telling your trade institution.
Whatever your plan, make sure that everyone is aware of it and understands their role.
What else?
Hungry for more? We hear you—when an attack can cause so much trouble, you want to throw everything you can at prevention.
We’ve got you. Here are a few other tips and resources that can help protect against employment identity theft.
Lock it up: Keep sensitive information secure. Store data such as social security numbers and financial information in a secure location that is only accessible to authorized personnel.
Put it in writing: Implement a clear and comprehensive privacy policy. It should outline how personal information is collected, used, and protected.
Master of the crypt: Use encryption to protect sensitive information both in transit and at rest.
Roll with the times: Keep up-to-date with the latest cybersecurity trends and threats. And, most importantly, adjust your security measures accordingly!
The bottom line: Understanding the role of behavior in identity theft prevention
We’re the behavior geeks. So of course we’d bring it up.
But, listen: Behavioral science plays a critical role in identity theft prevention.
Sure, implementing technical controls such as firewalls and encryption is essential too. But it’s equally important to address the human element.
Your people’s behavior helps determine the success of an organization’s security posture.
So, by promoting a culture of security awareness and providing regular training and awareness programs, you will ensure that people are equipped with the knowledge and skills to prevent identity theft.
The key to effective identity theft prevention is to stay one step ahead of the criminals. And you can’t do that if you’re standing still and not paying attention.
If you’re interested in learning more, download the “Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023”.
It’s packed with valuable insights and tips for protecting yourself and your organization against cybercrime.
Identity thief grief can be prevented and managed. You just need to know how. And now you do.
