You might think of identity theft as something that only you need to worry about. Maybe you’re thinking of a hacker in their mother’s basement, cackling over your social security number. But you might not think of something that’s probably even more valuable to hackers – your corporate identity. Thieves are everywhere, and stolen credentials, phishing, and not patching vulnerable systems have led to the kinds of massive data breaches we’ve seen in recent years. So today I’ll tell you what you can do in order to protect your work identity.
You might remember that it’s Tax Identity Theft Awareness week. In honor of that, this is the second in a three-part series on identity theft. Check out Monday’s post on protecting yourself from tax identity theft, and stay tuned on Friday for more about protecting your kids’ identity.
My current company does an amazing job educating the workforce about the dangers of corporate identity thieves. We have constant training and reminders to protect corporate and customer information, protect passwords, avoid phishing, and other things. I consider myself fortunate, since I know not all companies have the same level of commitment to education. In case you work for one of those kinds of companies, you’ll want to stay tuned.
Psst – I also have a guest post up today over on the White Coat Investor – all about lessons from everyday Breadwinning, Six Figure, Millionaire Moms. Be sure to check it out!
Huge Data Breaches
In recent years, the identity of pretty much everyone living in the US has been stolen (in addition to many identities abroad). All these breaches have boiled down to only a few reasons:
- Not patching vulnerabilities – Equifax
- Stolen credentials (especially from vendors) – Target, eBay, Home Depot
- Phishing resulting in malicious software installation – Anthem, JPMC
- Stupidity (putting security credentials in their source code) – Uber
I’ve worked in IT for about 15 years now, so I’ve learned more about these sorts of vulnerabilities and issues than your ordinary person on the street. All these massive data breaches were caused by simple, likely innocent mistakes made by ordinary workers just trying to do their jobs. Although, the Uber one is kind of grating.
I don’t often talk tech shop here on the site, but a discussion about corporate security invariably turns back to cyber security. Yes, physical security (shredding documents, not losing your laptop, etc.) is also still important, but hackers are constantly trying to penetrate your systems. It’s not a question of whether you’ll be breached – it’s a question of when, and how prepared you are to handle it.
But I know much of my readership doesn’t work in IT, so you may not be able to help with that part. Instead I’ll focus today on tips everyone can use in their workplace – whether you’re in marketing, a doctor, a lawyer, or any other profession.
Phishing – It’s Not Just for Ben and Jerry’s Anymore
You’ve certainly seen phishing attempts at home, with misspelled emails asking you to log in or sign up for something suspicious. Hopefully you haven’t clicked on them. But phishing at work can take on a whole new level of danger – and sophistication.
Phishing attacks can come in an email, from a legitimate-looking company trying to get you to click on a download of some kind. Once a criminal has downloaded software onto your computer, they can start to infiltrate the company network in a variety of ways. Interesting fact – corporate e-mail accounts are six times more likely to receive phishing e-mails, and four times more likely to receive malware, than personal e-mail accounts.
Another, less commonly known kind of phishing attempt centers around social engineering.
What is that? you might ask. That’s when someone contacts you and pretends to be someone they’re not, in order to scare you into doing something. Maybe they pretend to be a vendor asking you to change their payment information, as happened in one county. Or they may call pretending to be a high-up executive, making demands that the employees don’t want to question for fear of their jobs.
Whatever the case, you should be on alert. Don’t click on suspicious emails, particularly emails from outside your organization. Don’t download things onto your work computer. And if you get what you think seems like an odd call from an executive or vendor, get callback information and loop in someone above you for confirmation. You just might save the company – and yourself – a lot of headache (plus your job).
Physical (and Digital) Security
One area where you can personally make a huge difference in the security of your company is by protecting your physical – and digital – environment. There are the basic things, like making sure your passwords are strong and ensuring you don’t e-mail private information to the wrong person. You should also secure your laptop while at work, and keep your laptop with you when not at work. If you have a work phone, be sure to keep it in a safe location where it won’t be lost or stolen. Shred documents you don’t need, and delete e-mails or documents that don’t need to be kept.
If you work remotely, you need to be extra careful with protecting information. Don’t work in an area where other people might see your computer and the information on it. Securely store your work documents if you’ve printed them, and lock up your work things at the end of the day. Make sure you shred things at home if needed.
Look Out for Improvement Opportunities
You, as a worker not in IT, can still check how things are operating at your company and possibly recommend improvements. Does your company have regular training on physical and digital security? If not, maybe you can suggest a new program. Does your company run phishing e-mail tests to educate its workforce? If not, that’s a pretty simple thing that can be implemented. Does it take forever to revoke access when someone leaves the company? Point out that it’s a security risk.
The point here is that security is everyone’s business. When the media runs stories about these big, bad corporations letting data breaches happen – it’s really ordinary people making mistakes that other people take advantage of. Don’t think of security as that thing the boring IT people do – think of it as something everyone does. Do your part to help, and if you see areas where your company could improve, speak up!
I hope you’re enjoying this series – if you missed it, be sure to check out Monday’s post on protecting yourself from tax identity theft, and stay tuned on Friday for more about protecting your kids’ identity. Or you can also read some of my other identity theft articles – my identity theft victim story, research on ways to protect your credit after the Equifax hack, as well as my favorite book on this subject. Identity theft is a subject I’m passionate about.
Let me know in the comments – have you ever seen a situation at work where some kind of corporate identity theft was involved? Or perhaps an interesting story on the news? I want to know!