Are vacationing employees at risk of identify theft?
By Monu Kalsi
Identity theft is a massive problem for every business. It is a crime that threatens every employee regardless of age, income level or type of employment. It is estimated that Canadians lost over $290 million to fraudsters, from January 2014 to December 2016. This concern is rising. In a 2017 survey from the Chartered Professional Accountants of Canada, more than 71 per cent of respondents indicated a concern about fraud today.
By Monu Kalsi
With the summer break fast approaching, employees will be taking off for vacation with families and friends. Since 66 per cent of employees take work away with them on vacation, businesses need to consider implementing information security vacation policies to ensure employees are identity fraud safe when traveling. Failure to take precautionary measures can ultimately affect your business’s bottom line and corporate reputation.
As an employer or manager reading this, these statistics should be particularly worrisome. A 2017 glassdoor survey found that 29 per cent of employees have been contacted by a co-worker while on vacation, and 25 per cent say they have been contacted by their boss.
Here are the five items most at risk for travelling employees.
Mobile Devices: Employees are increasingly using their personal mobile devices to access corporate data when traveling. This is worrisome. A Ponemon Institute study reports the following:
- 43 per cent of these employees use their mobile device to access corporate data;
- 63 per cent of companies have no policies in place regarding the type of company data that employees are allowed to store on these devices;
- 64 per cent of organizations are not vigilant in protecting sensitive or confidential data stored or accessed on devices;
- Two-thirds of organizations are reported to have had a data breach as a result of employees using mobile devices to access confidential company information.
This begs the question — what can employers do to ensure these breaches do not happen to their employees when traveling?
First, organizations need to create a vacation mobile security policy based on compliance and risk mitigation. These policies need to include on-going staff training sessions teaching employees how to protect their mobile devices when on vacation and include tips to ensure that others can’t view their screens when working in public places. Policies should incorporate rules to ensure employees only connect to trusted networks. In addition, procedures must be developed requiring employees to bring old mobile devices into the office for secure destruction.
Second, organizations need to provide the latest and best device protections. Device protections, including, security patches, encryption, and control data back-up. This equipment needs to be continuously monitored for malicious files and be kept up to date.
Third, organizations should minimize the amount of sensitive information that is allowed to be stored on mobile devices. Limiting certain types of data that can be accessed on mobile devices is one way to eliminate the number of data breaches that occur on mobile devices.
Besides implementing these suggested policies, it is recommended that businesses provide travelling employees with the following travel tips:
- Update data protection software on mobile devices before travel.
- Password-protect devices with extra strong passwords.
- Ensure bags and purses are closed to avoid being pick-pocketed.
- Do not leave mobile devices unattended in hotel lobbies, coffee shops or other tourist attractions. This is important. A Kensington research study confirmed that 70 million phones are lost/stolen every year.
- When leaving hotel rooms, it is important to lock devices away in the hotel safe, rather than leaving them out in hotel rooms.
Confidential Paper and Data: With the enormous number of travelers bringing work away with them, steps need to be taken to ensure corporate data is kept confidential. Businesses should remind employees to limit the amount of confidential documents taken on vacation. A virtual private network (VPN) should be used in cyber cafes, public areas and hotels. When on the road, digital documents need to be saved to a cloud service. Finally, employees should ask if the hotel has a document destruction service that can be used to safely destroy confidential documents no longer needed.
Smart Devices: In the financial sector alone, one in four breaches were due to lost or stolen devices. Thieves often re-sell stolen laptops, tablets, iPhone, iPads and smartphones. Yet, the amount of personal and corporate information on these devices make employers particularly vulnerable.
Employees need to be reminded they should set new, strong passwords regularly, and never leave these devices with default passwords. Additionally, these devices need software to be kept up to date, with updates being installed regularly.
Travel Documents: Travelers are a fraudsters dream target due to the large amounts of personal data kept with them. For example, the barcode on boarding passes contains
travelers’ travel itinerary and flyer information. Passports are another target. Travelers should scan a copy of their passport and email it to themselves in the event that theft does occur. Finally, travel documents such as airline tickets, car rental forms, boarding passes and airline tickets should all be shredded when the trip is over.
ID and Credit Cards: Credit cards and personal identification documents are key targets for information thieves, putting individuals at a heightened risk for identity theft to occur. It is recommended that travelers pack only essential ID, credit and debit cards, and only use secure ATMs in public areas. Travelers should shield their Pin when using an ATM machine and monitor credit card activity while abroad. If a credit card is stolen, this should be reported immediately.
With traveling employees being increasingly targeted on vacation, it’s essential for businesses to implement vacation policies that remind staff how to avoid being victims of identity fraud.
Monu Kalsi is the vice-president of Shred-it.