Payroll Today

APA Day 3: 5 steps to identity-theft proof your workplace

by Alice Gilman, in Payroll Today

Shockingly (or maybe not), more than half of the attendees at the APA’s identity theft workshop acknowledged that they had been targeted by the phishing expedition undertaken earlier this year to steal employees’ W-2 information by spoofing a company’s executives. The good news is that no one took the bait.

Jane Holms, CPP, Director, US Payroll, Meggitt, USA, who conducted a portion of the workshop at the American Payroll Association’s 34th Annual Congress, provided attendees with strategies to combat this growing problem.

Don’t trust anyone

No department has access to as much personal identifying information—PII—on your employees as Payroll. PII is any information that can be used to trace an individual’s identity, like medical records, drivers’ licenses or a mother’s maiden name, or any information that’s linked or linkable to an individual, like educational, financial or employment information.

And, regardless of the safeguards you currently have in place, someone will find a way in, commented Holms. Your job is to prevent that, and Holms provided these suggestions:

  1. Minimize the collection and retention of PII. You don’t, for example, need to staple an employee’s documents to Form I-9, Holms said, and don’t keep more than you need, she added.

  2. Use encryption programs. Holms stressed that you shouldn’t send PII via email, unless it’s encrypted. And if your IT department says everything’s safe, be skeptical, she noted.

  3. Protect paper. You don’t know who’s in your office when you go home. Cleaners and security guards are in the perfect position to steal PII, so always lock file cabinets. While at work, don’t leave papers on your desk or allow subordinates to leave their work out. This requires training and reinforcement, Holms pointed out.

  4. De-identify PII. Don’t spell out employees’ Social Security numbers, Holms advised. She suggested using masking programs instead.

  5. Computer caveats. We already password-protect computers, but go further by using strong passwords, such as a sentence. Holms also said that identity thieves have online dictionaries that can scan a computer in seconds. She then gave these examples of robust computer protocols: turn off/lock your computer when you’re not using it (get used to logging in a million times, she added); don’t store PII on laptops or flash drives; secure laptops in the trunk of your car if you’re running errands after work; and permanently erase hard drives before you dispose of an old computer or printer.
