Careless Employees Found to be a Significant Risk Factor for Identity Theft; Six Solutions to Address the Problem

LAKEWOOD, CO—A recent report authored by Dr. Doug Jacobson, director of Iowa State University’s Information Assurance Program, finds that the biggest risk of data breaches or theft comes from careless employees or consultants who don’t properly secure the data they are entrusted with. The report audited 126 companies that suffered a data loss and found that more than 54 percent of lost data was the result of employee error, with only 34 percent being due to outside hackers.

“Over the past couple of years, thefts of consumers’ personal information have been caused by trusted employees and consultants who don’t risk the same security barriers as hackers do from outside the company,” says Jacobson. “All of a sudden, employers are realizing that the biggest security threat they face to the sensitive data they are storing and/or sending is now coming from employees who can’t get caught by the millions of dollars of security technology designed to prevent the bad guys from getting in.”

Steven Hastert, president of ShredNations.com, suggests six simple steps to help keep information safe.

Clean it
Implement a clean desk rule at your company. It is an easy way to protect your employee information from unauthorized eyes. This requires every person who deals with sensitive information to clear their desk whenever they leave their office. Sensitive information should either be filed and locked or placed in a locked shredding bin.

Lock it
Human resources departments should have security procedures for storing personnel files. Lock up all employee files, both active and terminated, in a secure area. More importantly, make sure that only authorized personnel have access to the key.

Secure it
Employee information stored in databases should also be secured. Sensitive employee data should never be stored on mobile storage devices, including laptop computers and USB thumb drives. Human resources staff should be the only employees with access to personnel files, paper or electronic.

Hold it
Usually, the weakest link in the security chain is the person trying to be helpful to someone on the phone. Unless an officer of the court provides your company with a subpoena, you should have a strict policy to never release employee information to any individual or organization except to the employee him/herself. This rule should also apply to all consultants.

Hide it
For tax purposes it is impossible to avoid using social security numbers, but they don’t need to be printed on every document. Mask the first five digits of the social security number on pay stubs and other documentation not submitted to the IRS. This is more important for documents sent through the mail.

Shred it
Once you have finished processing paperwork that contains sensitive information and does not need to be stored, shred it. A shredding service not only makes secure disposal easy but will also provide free locked containers to store the material in until it is shredded. This helps employees focus on their core responsibilities and comply with the clean desk policy, and it documents the shredding program for legal compliance.