It seems that every week, there’s another headline about a financial, healthcare or services company being breached. Clients’ personally identifiable information (PII) is exposed, potentially causing identity theft and fraud. This is invariably followed a few times per year by mailed notices that your data was included in one of these breaches, with the company offering credit monitoring services as a result.
Unfortunately, identity theft continues to be lucrative for cybercriminals, so there’s really no end in sight. The solution is to take proactive steps to minimize your exposure and be prepared if it happens to you, a family member, an employee or a client that reaches out to you for assistance.
The Federal Trade Commission (FTC) reported that over a million US consumers were victims of identity theft in 2023. Another ID theft website, PrivacyRights.org, stated that an identity theft victim spends 175 hours, on average, clearing up the issue. Many deal with it for over 23 months, with many victims taking up to four years to resolve everything!
Consider the impact this would have on your employees (or their families), particularly if it occurred during busy season. We recommend firms take a proactive approach to managing this risk. You can do this by educating staff, providing resources to understand and minimize the impact of identity theft, and providing information on how to respond if it happens.
Conduct employee security awareness and training
We suggest firms include training on how identity theft and fraud occur as part of regular firm security training. In addition to compromising information from data breaches, identity thieves also physically steal wallets, “skim” credit card information when you pay, and “dumpster dive” to obtain PII from unshredded financial documents or credit card offers.
With machine learning (and now AI), identity thieves have automated tools to “spider” through social media sites (e.g., LinkedIn, Facebook, X) to collect data, like:
- Names of family members or pets
- Employment and/or educational history
- Important dates, such as birthdays or anniversaries
These tools help thieves guess passwords and access pin numbers, which they use in social engineering schemes to trick you—the intended victim—into giving up snippets of information that will ultimately give them access to your identity. It’s essential to protect your Social Security number and avoid giving it to anyone other than a verified source.
Once thieves have the right combination of data, they can use it to get a driver’s license, open up financial/credit card accounts or commit multiple types of fraud. And then it’s up to you to discover the fraud and deal with the consequences.
Adopt protective habits
There are several things that we can do to prevent identity theft and fraud.
1. Review your credit report regularly.
Review your credit report every year or use a service that notifies you of any changes to identify if someone is opening up accounts in your name. Better yet, you can put a credit freeze on your account with the three leading reporting companies (i.e., Experian, TransUnion and Equifax), which requires that you unlock it in the event you want to open a credit account with a merchant or apply for a loan in the future.
It’s also recommended to review your credit card and bank transactions at least weekly for suspicious charges or transfers. I’ll admit that I do this daily when I’m traveling. My credit card has been compromised while I was on the road, and I identified pending charges that I didn’t recognize.
Pro tip: Keep contact information for your credit/bank card providers readily available so you can stop the charges and cancel the use of a compromised account.
2. Request your Social Security statement annually.
Another protective habit is to request your Social Security statement annually, which should match your earnings. Also, be sure to request them for your children. Thieves know kids’ Social Security numbers are usually not monitored, so they’re effective for employment identity fraud.
3. Check your health insurance claims and benefits.
Health insurance benefit identity theft is on the rise. So, it’s also important to review your claims/benefits statements monthly to ensure you recognize all of the procedures/prescriptions charged to your account.
Finally, to protect against tax return fraud, everyone should request an Identity Protection PIN from the IRS and file early.
Be prepared to respond to identify theft and fraud
It’s highly probable that identity theft will eventually happen to you, someone in your firm or a client. So, having your HR department prepare a response kit will help minimize the damage.
A good first step is to create a comprehensive document that lists action steps to respond, including fraud contacts at the three major credit reporting agencies and the procedure for putting credit freezes on compromised accounts (resources are available at ftc.gov/idtheft).
The document should also describe how to submit a report to your local police and the FTC. This will help with future legal issues, such as getting a new driver’s license if that was compromised by an identity thief.
Identity theft and fraud can happen to anyone, resulting in significant time and money spent remediating the problem. The time lost can have significant consequences on your organization. Providing education and resources to minimize the impact just makes good business sense.
For more tips on protecting your firm, staff and clients, subscribe to our blog today.