Strategy - Protecting Employees From Identity Theft And Fraud

Tuesday, March 30, 2010


March/April 2010 – CAN (EN)

HR Professional

By Michael Collins

The mechanics of identity theft and fraud are often associated with external sources, but approximately 36 per cent of security breaches reported in 2009 originated within companies, according to a study conducted by Telus and the University of Toronto’s Rotman School of Management. The same study shows that unauthorized access to information by employees is up by 112 per cent and is the fastest-growing breach category.

While every organization is unique, typical risks include a lack of strategic security planning and comprehensive policies, particularly those regulating insider access to sensitive information, as well as policy implementation issues. This creates an environment where confidential employee information may be easily mishandled, either through negligence or wrongdoing. This mishandled information is an easy target for identity theft fraudsters who may operate both inside and outside of your organization.

Security risks faced by HR professionals also include duplicate documents stored in different locations on the network, and unattended loose print documents. Unrestricted or easily obtainable access to employee records, both in electronic and paper form, is another major concern. Finally, a lack of consistency between HR and other departments when it comes to enforcing information security policies and procedures creates uncertainty and confusion that multiplies security risks.

Securing information
Following these guidelines will enable HR professionals to protect the security of employee information and eliminate the potential for identity theft and fraud.

First, conduct a security audit by asking yourself the following questions:

  • Are there formal policies in place governing the issues of information security in your organization and in your department?
  • Is access to employee records restricted to HR professionals and other key personnel?
  • Is this access strictly differentiated, based on the specific business needs of specific categories of personnel?
  • Do restricted and differentiated access policies apply to both paper-based and electronic employee files?
  • Do you monitor your office for printed employee-related documents?
  • Is paper waste in your department fully destroyed on a regular basis?

To build your security policy, use the following six steps:

  1. List all potential risks that may threaten the security of your employee records.
  2. Examine both paper-based and electronic-information sources; analyze every stage of your workflow and information cycle from data generation and storage to data transfer from location to location and document destruction.
  3. Create comprehensive information-security policies ensuring your department is fully compliant with companywide policies and procedures, as well as national identity theft and privacy legislation.
  4. Restrict access to employee records, based on specific business needs of specific categories of personnel. If your organization operates internationally and has centralized information management systems, consider establishing country-specific levels of access.
  5. Build an organizational culture that values and respects the integrity of employee and other sensitive information.
  6. Train your staff in secure document management and destruction; implement a shred-all policy, making sure all paper documents are securely destroyed on a regular basis.



Michael Collins is the regional manager at Shred-it Canada in the Greater Toronto Area.