The annual deluge of new and trendy benefits. The challenges of working within an often-tight budget. The difficulty in finding a benefit that’s attractive to a generationally-diverse workforce.
We get it — selecting the right employee benefit can feel overwhelming. The good news is, we’re here to help. The following guide is designed to help you determine if an identity protection benefit is right for your employees.
We’ll begin by looking at the current state of identity theft, including the role that companies often inadvertently play in the disclosure of sensitive employee data. From there, we’ll analyze the impact employee identity theft has on their employer. Next, we’ll take a closer look at how identity theft protection helps safeguard not only employees but also their employer. Finally, we’ll review some resources you might find helpful!
Let’s get started.
To understand the value of identity protection, one must first understand two core issues: 1) the prevalence of identity theft and 2) the responsibility companies often share in data breaches, security incidents, and identity theft.
The state of identity theft in the U.S.
Despite a tremendous boom in awareness, the utilization of more advanced technology, and a renewed emphasis in cybersecurity, identity theft continues to rise at an unprecedented pace. Last year, 16.7 million Americans were the victims of identity theft. More breaches occurred in 2017 than in any year in recorded history. The total amount stolen — nearly $17 billion — also set records.
As one might imagine, the total number of data breaches and records exposed also skyrocketed. According to the Identity Theft Resource Center, nearly 180 million records were exposed during 1,579 breaches.
The results couldn’t be clearer: identity theft is growing at a record pace.
A company's role in identity theft
Pinpointing how identity theft occurs is equally disturbing.
In many cases, a victim’s employer plays a direct role in the theft. Research suggests that as much as 30 to 50 percent of identity theft begins at a victim’s workplace. Cybercriminals accomplish this through a variety of strategies, and phishing tends to top the charts in terms of success.
When AlienVault spoke with more than 300 security professionals to determine how successful work-related phishing attacks are, their results were staggering. More than one-third of respondents claimed executives at their organization had fallen victim to targeted phishing scams. One of the more popular forms of phishing is CEO fraud, where cybercriminals impersonate a victim’s CEO.
Phishing isn’t the only reason why identity theft so often begins at the office. Much of the problem stems from the types of data businesses are required to store on their employees, as well as the sheer volume of records they’re responsible for housing. When you combine these factors, there’s no wonder cybercriminals devote so much time and energy to targeting businesses.
Many times businesses make it easy for hackers by not following best practices when it comes to cybersecurity protocol. A prime example is how many members of management — and even some non-managerial employees — have access to personnel records. This makes it much easier for cybercriminals to exploit a weak link. This problem is further exacerbated when companies store employee data in the cloud. Additionally, many employees do not follow proper security guidelines when accessing work files from unsecure networks.
Of course, not every threat is an external one. Often, a victim is targeted by a peer. Disgruntled employees are capable of inflicting damage like never before, and a wave of new studies suggest they’re doing just that. Interestingly enough, money doesn’t appear to be a prime motivator. In fact, a study recently found that 27 percent of U.S. office workers at large companies would sell password data to outsiders, and many would do it for $100 or less.
Before we examine the many ways identity protection helps protect an organization, let’s take a closer look at how identity protection helps safeguard your employees. Please note that not every identity protection solution works the same, so you’ll need to verify that the following features and benefits come standard with any plan you’re considering. If any of these components are missing, you should likely look elsewhere. An identity protection benefit only works when it protects an employee’s identity, privacy, and finances.
Protects non-credit-based accounts
A quality identity protection benefit will monitor much more than credit. While monitoring and reporting credit changes is absolutely critical to identity protection, it’s only part of the solution. Our identities are composed of much more than our credit scores and accounts, and identity thieves can cause a great deal of havoc without ever touching our credit-based accounts.
So in addition to traditional credit monitoring, an identity protection benefit should also alert participants in near-real time about:
- New applications for credit cards, wireless carriers, and utilities
- Unauthorized account access, compromised passwords or login credentials, and password resets
- Fund transfers, high-risk banking activities, and public record alerts
- Address changes
Protects an employee’s social media account
An identity protection benefit should also monitor an employee’s social media accounts. This is an incredibly important feature, as it helps safeguard both your employees and your company’s bottom line. We’ll get into the latter part in the next chapter, but for now, let’s just focus on how it helps employees.
Account takeover has skyrocketed in recent years, and this often begins via social media. When a cybercriminal gains access to an employee’s account, they can destroy the victim’s personal and professional life. One of the most common means of accomplishing this is by collecting the physical addresses, passwords, and other sensitive data associated with the account. With these personal details, the crook can open new accounts in the victim’s name as well as exploit existing accounts.
Keep in mind, employees aren’t just concerned with protecting their social identities; they also want to protect those of their family members, especially their children. So be certain the plan you’re evaluating is designed to protect the whole family from online bullying, fraud, and account takeover.
Protects an employee’s finances
In addition to protecting an employee’s credit and social media reputation, a quality identity protection benefit will also protect their finances. This will require a multi-pronged approach, and protection will vary from provider to provider. However, there are two core elements that must be present: identity theft insurance and dark web surveillance.
Identity theft insurance
Make sure the provider offers a substantive identity theft insurance policy. The costs associated with fraud can stack up quickly, so a plan should come standard with $1 million in coverage.
You’ll need to verify that the identity protection company is working with a quality insurance provider, like AIG, and that the funds can be used to cover an employee’s lost wages, legal fees, medical records request fees, CPA fees, childcare fees, and more.
Dark web monitoring
To truly protect an employee’s finances, an identity protection plan should offer complimentary dark web monitoring. Your employees should be able to register important documents like driver’s licenses and credit cards with your provider. If these items are later discovered on the dark web, your employee should be notified immediately, and your provider should work hand-in-hand with your employee to resolve the matter.
Assists with identity restoration
The most important feature of any identity protection plan lies in the assistance your provider offers to employees who become victims of identity theft. This is often a timely, costly, and incredibly stressful time for them.
Here are just a few statistics that touch on the negative impact identity theft can have on an employee:
- Americans now rank criminal hacking, which often leads to fraud and identity theft, as the number one threat to their health, safety, and prosperity.
- Without assistance, it can take hundreds of hours over many months to repair identity theft
- When the Identity Theft Resource Center spoke with 2017 identity theft victims, the results were overwhelmingly clear:
- 64.3 percent reported stress
- 37.1 percent reported an inability to focus or concentrate
- 26.6 percent reported panic attacks
- 48.3 percent reported sleep disturbances
- 15.6 percent said they would have sought help but couldn’t afford it
Due to the emotionally-draining and prolonged nature of identity theft restoration, it’s imperative that your benefits provider does everything in their power to support your employee and restore your employee’s identity as quickly as possible.
That’s why any serious identity protection will come standard with certified advocates — available 24/7 — to handle the most time-consuming and tedious portions of restoration.
When an employee has their identity stolen, they aren’t the only ones who suffer. Their employer also takes a big hit. The good news is that a quality identity protection benefit can protect the victim’s employer as well.
Here are a few examples of how.
Helps combat the cost of employee disengagement
Employee disengagement is one of the most significant threats any business could face. Each year, disengaged employees cost companies a fortune. This isn’t hyperbole; the global leader in engagement research, Gallup, suggests that disengagement costs businesses more than $500 billion every year.
There’s no quicker way for an employee to become disengaged than when they’re contending with a threat like identity theft — which can take hundreds of hours and many months to resolve. When you combine the accompanying fear, uncertainty, and frustration, identity theft becomes the perfect breeding ground for disengagement.
Their disengagement can quickly spread to other members of your team, which leads to a significant decline in many KPIs. In fact, Gallup’s annual State of the American Workplace 2017 report found that companies with low levels of engagement, when compared to companies with high levels of engagement, experience:
- 20 percent lower sales
- 17 percent less productivity
- 21 percent lower profitability
- Between 24 and 59 percent higher turnover
- 70 percent more employee safety incidents
A quality identity protection benefit can help prevent your employees from becoming disengaged by helping them resolve any and all identity theft-related problems quickly and thoroughly. This lets employees focus on what really matters — their career.
Helps protect your reputation
In today’s hyper-connected world, few things are as important to the success of your business as its reputation. There have been hundreds of articles written on the topic, and the following are just a few highlights of their findings:
- Humans share positive experiences, on average, with three people — they will share a negative experience with 10 or more
- Companies with a bad reputation typically spend 10 percent or more per hire than companies with a good reputation. For companies with 10,000 employees, that equates to $7.6 million in additional wages
- A Harvard Business Review study found that nearly half of all job applicants would reject a job offer from a business with a bad reputation, regardless of how much money they were offered
- 90 percent of customers read online reviews before visiting a business, and 84 percent of people trust online reviews as much as personal recommendations
- For every one-star increase on Yelp, businesses typically experience a 5–9 percent increase in revenue
The evidence is overwhelming: your company’s success is directly tied to its reputation. And your reputation is the first thing to take a hit after experiencing a data breach, security incident, or any other event that leads to employee or customer data loss.
You can proactively reduce the fallout by investing in employee identity protection.
Lessen litigation risks
If an employer’s actions lead to employee identity theft — or even the risk of identity theft — they can face significant litigation costs. While the U.S. government doesn’t offer as many protections as Europe (see next section), offending companies can still find themselves in a world of hurt.
This is especially evident in a string of lawsuits launched by cities and states against businesses that compromised employee and customer data. One of the most high-profile examples of this occurred after Uber announced that more than 57 million customers and drivers were part of a massive breach. As a result, the city of Chicago and the attorney general for the state of Washington filed separate lawsuits accusing the ride-sharing company of misconduct.
The number of court cases isn’t the only thing growing — so is the number of employer convictions. Courts are increasingly siding with employees who had their personal details compromised by their employer. This is true even when there is no law specifically requiring courts to do so.
By proactively investing in identity protection, you send a strong message: Our company values its employees and has taken steps to safeguard their identities, privacy, and finances!
Reduce the risks of regulatory fines and fees
The fines and fees associated with government regulations can also cripple a company. In the U.S., the Fair and Accurate Credit Transactions Act (FACT Act) and the Fair Credit Reporting Act (FCRA) regulate how businesses must protect their customer and employee data. If a company fails to comply with these standards, the penalties can be massive.
And if a company does business outside of the U.S., they must often comply with even stricter laws. This is especially true in the UK and EEA states, where failure to comply with the GDPR can cost companies a fortune. One of the most notable requirements of this legislation is that businesses have just 72 hours to register a breach. If reported late, they must forfeit up to €2 million or 4 percent of annual turnover, whichever is more.
Luckily, you can illustrate your commitment to safeguarding employee data BEFORE an incident occurs.
Bolster corporate security
An identity protection benefit should also bolster your corporate security. Here are a few examples of how this can occur:
Social media protection
We discussed how social media protection benefits your employees in the previous chapter, but did you know it also protects your company?
When a cybercriminal hijacks an employee’s account, they can use it to defame your business, phish the victim’s coworkers, and defraud customers, clients, and partners. That’s why it’s so imperative that an employee identity protection benefit monitors your employees’ social media for suspicious behavior and alerts them at the first sign of account takeover.
By catching the problem quickly, you significantly reduce your organization’s risk and liability.
Provides ongoing and thorough education
A quality identity protection benefit will also educate your employees about new and evolving identity theft risks, as well as the latest cybersecurity standards. This ongoing education should include, in part:
- Best practices for safeguarding accounts and creating more secure passwords
- Reviewing new tactics hackers, cybercriminals, and identity thieves are using to attack employees and corporations
- Alerting participants to data breaches, security incidents, and other pertinent information as quickly as possible
Protects corporate credit cards, usernames, and passwords
As we mentioned in the previous chapter, an identity protection benefit should protect the contents of your employee’s wallet. This is especially important for employees who might have access to company credit cards.
Of course, this dark web monitoring shouldn’t be limited to financial documents. Your provider should also track and protect the usernames and passwords your employees provide. After all, many people will use the same password for all of their accounts, whether for personal or professional use.
As a result, cybercriminals can easily gain access to sensitive corporate data. That’s why your identity protection provider should alert an employee in near-real time and work with them to remedy the situation in the event that their — or their employer’s — data winds up somewhere it shouldn’t.
Helps companies attract and retain top talent
By offering identity protection as an employee benefit, your business will be able to better attract and retain top talent! This is especially true for millennials, who are a) far more likely to leave your organization than other generations and b) more likely to prefer additional benefits over salary increases.
By 2025, millennials are expected to make up around 75 percent of the workforce. That could spell big problems for businesses that miss the mark, as the following statistics illustrate:
- 60 percent of millennials are open to a new job
- 50 percent intend to leave their current employer within a year
- Nearly 25 percent have changed jobs within the past 12 months
- Three out of five millennials say they’ve switched jobs between one and four times within the past five years
- An astonishing 66 percent say they will be leaving their job by 2020 regardless of what the economy is like
Thanks for reading our guide! We hope it provided some clarity as to why your business should offer employees identity theft protection as a benefit. If you’d like to learn a little more about identity theft, identity protection as a benefit, or InfoArmor’s award-winning solution, PrivacyArmor, the following resources might be of value.
- Visit our PrivacyArmor Features page to discover how PrivacyArmor protects employees, what sets us apart from the competition, and core features every identity protection benefit should include
- Transform from HR worker to cyber warrior with our complimentary ebook, The HR Guide to Employee Data Protection and Identity Theft Prevention
- Brighten up your office and help educate your team about the risks of identity theft with our wall chart, HR’s Role in Protecting Employee Data and the Company’s Bottom Line
- Are you looking to attract, retain, and engage top talent within your industry? Our free white paper reveals why offering identity protection is instrumental
- Do you worry about getting buy-in? Consider sharing our slides, By the Numbers: How Identity Theft Impacts Your Employees, Your Business, and the World
- Phishing is one of the greatest risks your organization faces. Discover why and learn how to protect yourself in our free ebook, Phishing for Dollars: How Identity Theft Is Leaving Businesses and Employees on the Hook
- By now, you likely understand what InfoArmor does, but do you know why we do it? Discover for yourself in our article, Why We Do What We Do
- Do you have an employee who is a victim of identity theft? Learn how they can correct the problem in our complimentary resource, How to Recover From Identity Theft: Employee Edition
- For a variety of tools you can use to protect your employees and educate yourself about the risks of our digital age, you can check out our official Resources page
- Would you like to see PrivacyArmor in action? That’s great! You can request a free demo here
Finally, if you’d like immediate assistance, or if you have a question you think we can help answer, please reach out. We’ve been in the employee identity protection industry for more than a decade, and we’d love to partner with YOU.