I know that the recent retail breaches have a lot of customers worried about identity theft. But a new survey from GFI Software reveals that customers aren’t the only ones concerned, especially in an SMB setting. According to the survey, 87 percent of the nearly 1200 people interviewed said they are concerned that they are at risk of being the victim of identity theft or other crimes. And 60 percent said they’d remove their personal information from the Internet if that were possible.
The focus of identity theft seems to be how to protect the consumer, and that’s fair. Customers have no control of their data once they entrust it to the business. At a time when businesses expect to be breached, customers are placing a great deal of trust in businesses that store personally identifiable information (PII) that includes addresses and credit card numbers. After that, the focus of a breach of information revolves around the business itself. Employee identity protection appears to be at the bottom of the priority list. Employees are right to be concerned. Take the recent hack into Coca-Cola’s networks, for instance. According to the Boston Herald, 74,000 employees and former employees, along with third-party persons, had their personal information compromised:
The information, including Social Security numbers and driver’s license numbers, was stored in documents on stolen company laptop computers, according to a Coca-Cola spokeswoman. Other information, including compensation, ethnicity and addresses was also taken.
In this case, the information was accessed via laptops in the possession of a former employee whose job it was to take care of computer equipment. The increasing use of personal devices to access company networks is also putting employee information at greater risk.
Unfortunately, as an eSecurity Planet article stated:
... among employees of small businesses that have IT support on staff or on contract, only 53 percent say their company has documented policies in place governing the use of company-owned devices and/or computers in the workplace. More strikingly, among those that do have documented policies in place, 24 percent of respondents admit to having violated those policies.
It appears that small businesses, at least, aren’t taking enough steps to protect the data on company devices – data that often includes employee PII – and that when they do, employees act against their own self-interest by ignoring those policies.
I don’t know what the answer is, but I do think that this survey should have businesses of any size, but especially SMBs, taking a second look at how they protect employee PII. Employees shouldn’t have to worry that their workplace could expose them to identity theft.