When identity theft or fraud happens to an employee, it's not just that person's problem: it should be a concern for the entire company. When someone's personal data is compromised at work, it could be a sign of a security gap in business as a whole that needs to be addressed.
There are specific things about identity theft that companies should know, particularly when it comes to the impact of a single instance.
Identity thieves can have different goals
It could be easy to assume that an identity thief's main goal is money, but that's not always the case. As an IC Analyst Private Sector Program whitepaper pointed out, criminals could have
"sociopolitical" motives as well as financial ones, meaning they could target either a person or an organization's public image.
Businesses can suffer when the target erodes confidence. In the wake of the Yahoo breaches reported last year, the company said that the actions may have been caused by a "state-sponsored actor," as CISO Bob Lord said in a statement. Since then, the company's status has dropped in some eyes, with commentators wandering if this impacts an important business deal.
Social media can provide an entryway
Like it or not, many people use social media at work. Pew Research Center polled 2,003 adults and found that 34 percent use social media to "take a break" while on the job. Workers at companies with social media policies in place were less likely to do this, however.
How does this represent a problem? As Lifehack pointed out, social networks contain a lot of important information about their users, especially if a person makes a purchase through the platform using a credit card. Employees could also add a fake "friend" without properly researching them, or click on a bad link.
To be fair, Facebook did recently announce it would offer a new security measure for safer login, enforcing two-factor authentication. But this brings up another important point.
Employees can practice bad habits, including lax password security
Companies are only as strong as their security culture. A big part of this can be the way in which employees approach logins to company accounts, including weak passwords that are easy to hack.
Last year, SplashData released a list of the weakest passwords of 2015, many of which were holdovers from the previous year. Instantly guessable combinations like "password" and "123456789" are still among the most popular, leading to possible. SplashData CEO Morgan Slain remarked that efforts to improve on these passwords can be insufficient to stop the problem.
"We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers," Slain said.
On this level, a stolen passwords could place business interest at risk if they use the same password for work related data.
An incident can lead to employment concerns
Finally, there's the impact of employment-related fraud. When an identity thief uses someone's Social Security Number to obtain work it can effect an employee’s record and background check.
What's more, this could also be a reason for any business to look harder at its own employees for evidence that they may be committing fraud. So-called "insiders" are another chief concern for companies, as they can take their time to commit fraud that doesn't become apparent until later. Whether it's employment-related or not, fraud that happens to an individual could have a larger effect.
By partnering with Identity Guard Business Solutions, companies help can protect their employees and, by extension, themselves. The many different types of threats out there mean that businesses and employees have multiple ways to be compromised, but with identity theft protection service added to the voluntary employee benefits, workers can have some protection ready to go.