With the big Equifax breach last year and now rampant W2 scams coaxing your HR department to dish out even more info, businesses are reaching their tipping points when it comes to keeping their employees safe from identity theft.
Time and again, we’ve seen cases where hackers and cybercriminals take data leaked in other major breaches and attack your business for just a little more info, targeting what probably makes all the difference to your business continuity—your team.
Today I want to take a few minutes to outline what you’re overlooking in protecting your employees’ information and provide you with some ways to empower your team to keep their data safe (so that they can keep their heads in the game at work, rather than worrying about the ‘what ifs’ from cyberattacks).
What your employees don’t know but should about data privacy
Employees tend to be out of the loop when it comes to keeping their personal data safe in and out of the workplace. Unfortunately, most IT Support teams completely forget about warning users about specific scams, ensuring that passwords are secure, getting users to understand what should be considered sensitive data, and showing them how to make sure their data is secure.
While many of us are well aware of specific types of mail we shouldn’t just throw away (and should consider shredding instead), nearly half of us struggle with keeping sensitive information secure in both our personal and professional lives.
Some very common sources of sensitive data that we often work with include financial information, birth dates, social security numbers, passwords and credentials, and other personal details that might allow cyber thieves to exploit your identity.
In the workplace, this information likely includes retirement accounts, W2s, social security numbers, health insurance records, birth dates, family information and contact information. What many employees don’t understand is that someone in the workplace is likely handling their sensitive information on a regular basis (and often in an insecure manner!).
What data does your business likely store about your employees in unsafe places?
What’s scary to me is that many of the most successful cyber heists to date have involved scamming HR professionals into handing over team members’ names and home addresses, which are then used to fraudulently file tax returns.
Since major data breaches like Equifax, we have seen scammers use W2 information containing only very basic details (names and addresses) to successfully file and get big tax returns.
Can you imagine having an office full of employees worrying whether their identities were compromised and their taxes fraudulently filed? Worrying and thinking about that big fat return some thief took from them?
Certainly, if a W2 scam, some other phishing scam, or a data leak or breach of ANY sort were to put employee data (as little as names and contact information!) in the wrong hands, your staff won’t be thinking about getting their work done. You’ll have an office full of time drains—the likes of March Madness.
What can you do to keep your employees safe?
To be sure you are keeping your team’s data safe in the workplace, here are 5 important things you should be thinking about:
- Make sure your team is not re-using personal passwords in the workplace—one of the easiest ways hackers get into networks is by stealing credentials to personal accounts like Facebook or Gmail and then using those very credentials to crack into even protected business networks. Users often try to re-use passwords for all of their accounts (even with increased cybersecurity concerns over the past 10 years).
Make sure to enforce strong password policies that make users regularly update their passwords, or communicate that they need to have work-specific passwords. Every user password on your network should be unique and every user should have their own credentials to access sensitive information.
- Know where sensitive information is stored—you’d be surprised how many businesses I’ve assessed that have no clue where all of their sensitive data is stored on their network. Even when they say they do, there are usually unprotected folders holding sensitive info—including team member data!
One of the easiest ways to find out whether all of your data is being protected and tracked is a free security assessment.
- Train your team to understand how to recognize scams—the African prince scams of the ’90s are long gone. Hackers and scammers are getting all too good at exploiting your and your team’s emotions. They know what strikes a chord and how to get people to act.
Your IT Support team needs to keep your team informed when scams start popping up. With our large user base and client-focused service, the Zog team makes sure your team is kept in the loop on scams and cyberattacks hitting the Philly metro.
- Patch and secure your network—I’ve been talking about this point week in and week out. One of the easiest ways for hackers to steal your team’s identities is simply hacking directly into unpatched or under-protected networks and stealing employee information.
One of the most effective ways to protect your staff is by protecting your network. Security experts agree that the first step to doing this is through a 3rd party security assessment. As a service to the Philadelphia-area community, we are offering a free security analysis.
- Understand which 3rd party vendors have sensitive information—this is almost always overlooked, and 3rd party applications are notorious for storing team member data insecurely. Maybe you use 3rd party accounting platforms or HR software. The problem with putting your data in someone else’s hands is that you need to make sure the software apps you are using for business critical functions are secure and protecting your team’s information.
And even more, make sure your team members are keeping track of their personal information. Here are 3 tips for your employees to protect their identities:
- Limit exposure on social media accounts—one of the most common strategies for hackers to steal identities in 2018 is to stalk victims on social media, glean information from posts or mentions, and create fake identities in your team members’ names.
Protect your users by encouraging them not to overshare online. If they use their mother’s maiden name or their kid’s birthday as a security question for their bank account, should they let that info get out on social media? Probably not! Oversharing has gotten a lot of us into the deep end of identity theft in the past few years.
- Track financial accounts regularly—nowadays, it’s too risky to believe your banking institutions will detect and alert you to fraud. Make sure your team is looking at their financial data regularly (at least monthly) to ensure scammers aren’t exploiting their identities.
- Use two-factor authentication when possible—while we all want immediate easy access to our accounts, spending a little more effort on keeping access secure is a bit more important. When prompted to include a text message or phone call to verify a login, opt in.
Keeping your team safe today is getting harder month after month. Are you sure you’re keeping your employees safe? Consider a FREE security assessment today.