Data breach and identity theft risks continue to plague businesses and consumers alike. Large-scale exposures-hitting organizations from nationwide retail and restaurant chains to multi-state hospital systems-are just the tip of the iceberg when it comes to data breaches. Cyber thieves have set their sights on companies of every size and in every industry.
As companies and individuals bump up against these increasing risks, benefit advisors are in a prime position to help. They can better guide their business clients and clients' employees by having a good understanding of the threat landscape and how common risks can be addressed and avoided.
Risks Across the Board
The risks associated with data theft are different for businesses and consumers, but both groups encounter significant challenges. When a company suffers a breach, it must grapple with the potential security issues posed by the loss of the data itself. Stored passwords and login credentials could be used by hackers to access the corporate network.
Intellectual property may have been part of the compromised data set, possibly jeopardizing the business's strategic market position or exposing its trade secrets. In addition, breached corporate entities face the prospect of stiff financial costs and regulatory penalties. Remediation steps, such as providing credit monitoring and other fraud resolution support tools, quickly adds up as the number of victims grows.
The backlash from impacted individuals, whether they're customers, patients or employees, can also be tremendous. Trust-so difficult to build in today's hyper-competitive environment-is lost, and the business's revenue picture may suffer as a result. Consumers, too, have much to worry about when it comes to data exposures.
Identity thieves often use personal information to steal funds from victims' bank accounts, make fraudulent purchases on existing credit cards, open (and quickly drain) new lines of credit and even obtain medical treatment and unemployment benefits under the victims' name.
Identity fraud is difficult and time-consuming to resolve, and the effects on individuals' financial activities can have far-reaching consequences. Employees who fall victim to identity theft have enormous challenges in front of them, some of which are also likely to impact employers.
When an individual discovers his identity has been stolen, he spends an average of 10 hours trying to resolve the fraud on his own. Many of these activities must be carried out during business hours (creditors and others are typically available only during the regular work day) and some percentage will almost certainly occur while the employee is on the clock.
Lost productivity-time spent resolving identity theft-is quickly compounded by the stress employees feel when they're worried about fixing their financial lives. They may be working to correct a ruined credit record and bill collectors could very well be harrying them over the thief's fraudulent activities.
This adds up to an employee who desperately wants his life (and job) to return to normal, but who's caught in a situation that requires immediate attention and for which there seems to be little expert help available.
Identity Theft Prevention
Companies have many tools available in the fight against cyber criminals. Limiting the amount of information that's gathered and stored-whether it resides on central servers or mobile devices-should be one approach in a multi-pronged data protection plan. Sensitive data should also be segregated from operational data and other information that's accessed on a regular basis for day-to-day operational activities.
These two strategies together reduce the amount of data that must be protected. Additionally, businesses should train employees in safe data management practices, including the use of strong passwords and the avoidance of suspicious email links and websites. Hackers routinely launch network attacks where they attempt to crack weak passwords.
They're also notorious for flooding employees' inboxes with e-mails that appear to be from trusted sources but actually contain compromised attachments and malware. Being vigilant for signs of unauthorized network access or data theft is also key. The sooner a business identifies and stops a security leak, the greater chance they have to minimize the breach's damage.
Help is Available
Rather than try to resolve identity theft and data breach incidents alone, benefits advisors should counsel business customers and clients' employees that services and support are available if they experience a privacy or data security issue. Coverage options for individual employees may include tools such as identity management services, which are designed to help victims navigate the labyrinth of steps that must be followed to repair the financial damage done by identity theft.
Victims can often talk directly with a fraud resolution specialist who can assist them in gathering the information necessary to file police reports, work to get creditors to vacate fraudulent debts, expunge incorrect data that may have entered a health record as the result of medical identity theft, and even recover or recreate critical financial and other documents stolen in a home burglary.
Business customers can also tap into expertise and support in the event a breach occurs. If network assets have been compromised, forensic specialists are available to conduct a detailed investigation into the incident. Breach response experts can help manage the notification of affected individuals.
Experienced data protection consultants will be able to evaluate existing security measures and identify potential risk areas. In addition, the company's policy may also include legal assistance to help cover the costs of litigation or other issues that are likely to arise.
About the Author
Page Elliott is a Director of Business Development for IDT911, a provider of identity and data risk management, education, and resolution services. He has more than 25 years of experience in employee benefits with health insurance carriers, benefit brokerage/consulting firms, and communications/marketing companies.