Many identity thieves start by looking for victims in the workplace. The security of corporate and personal information is the responsibility of both the employer and the employee; negligence by either party could result in the leakage of sensitive company information. Companies need to be proactive and vigilant in securing corporate, client and staff information.
With the advent of social media, employers have a new concern: company and client information may be leaked through social media postings. Staff should be advised to refrain from posting work-related information online. Aside from the inadvertent release of sensitive company information online, employers run the risk of having their staff's online work identity and company profile stolen.
It is common for employees to receive suspicious emails via their work email addresses. A designated team in your company, such as the IT security department, should be trained to provide appropriate advice to employees who report suspicious emails. Your IT security department should also keep track of these email threats and notify all employees if a recurring trend emerges.
How can you spot suspicious emails? Here are some tell-tale signs:
- Misspellings in email subject and content
- Threats for not responding
- Unsolicited requests for sensitive information
- Promise of enticing benefits for replying/clicking link in the email
- A different URL appears when you hover the mouse over the link in the email
- Requests to open up file attachments (e.g. .exe, .zip file types)
If an email sounds too good to be true, it probably is. A phishing email is one that imitates a legitimate organization (such as a bank or an insurance company) and requests your personal information. This phishing for information usually involves a complicated scheme run by identity thieves in which a dummy website is set up to look like the real deal. Once you enter your personal information, the identity thieves have everything they need to use your identity.
Some employers fail to provide security software on the computers they issue to staff, leaving work computers open to attacks from malware such as viruses, worms and Trojans. Viruses, for example, are able to take over a computer system and steal the data. Updated anti-virus software will protect employee computers and thus company information.
Employers should ensure that all new staff computers are equipped with the necessary software and routinely check that all staff have kept their security software up to date. Anti-spyware software will prevent spyware from monitoring Internet activity, while firewalls block third-party intruders who may attempt to steal sensitive data over the network. Employers should also look at encrypting data sent over the company network in case it falls into the wrong hands.
If your company has not implemented network-based login for work computers, then logins on all work computers should at least be password-protected. Computers used by multiple employees should have a separate account and a different password for each employee.
Employees should not use any of the same passwords that are used for their home computer when setting up passwords for a work computer. Work and personal passwords should be kept separate so as to not run the risk of losing both private and company information to malicious third-party attacks.
Employers must remind staff that protecting their online identity in the workplace is just as important as their online identity in the home. The public aspect of your staff’s work computer could make company information even more susceptible to malicious thieves, so taking the appropriate steps to encourage employees to stay cyber safe is essential.