ID Theft Protection Products Help Employers Protect Remote Workers
In March many states ordered non-essential businesses to close their doors and declared that all work that can be done remotely should be. Waves of employees moved from the known safety of their office network to the less certain safety of home wireless routers shoved to the back of closet shelves. Then came the flood of news articles about all the ways hackers attempt to exploit remote workers.
Identity theft protection products have been making their way into the mainstream as a voluntary or employer paid benefit for some time now. But the changes and uncertainty created by COVID-19 have created a spike in demand, as employers look for ways to protect employees from identity compromise and to provide assistance in cases where it's already happened.
ID Theft Protection products move to the mainstream as employers try to protect remote workers from data compromise
Features Of An ID Theft Protection Plan
The features offered by the ID protection plans in the market vary pretty significantly and most carriers have a few versions or levels of coverage you can choose from, all with different price points. In general, the types of protection offered fall into three categories and all start at the same place: you set up an account and show the product what information it's protecting.
Monitoring
The monitoring feature is central to most ID theft protection plans. Any decent product will monitor the three major credit bureaus for inquiries and changes to your credit. Most will also provide you with your monthly credit score and help you take advantage of your once-a-year full credit report.
Some plans take monitoring a step further and look for new accounts opened using your name or Social Security Number. This can be a tough one to detect and is a strong indicator that your identity has been compromised.
A newer feature showing up in many plans is dark web monitoring. This scans sites and back corners of the web that are known for being markets for illegally obtained personal information. And some products are going even further with monitoring, by searching public records, sex offender lists, court records and criminal records for crimes committed in your name.
All this adds up to some pretty comprehensive reporting to alert you when your personal information or identity is being used illegally. But once you know about it, then what can you do?
I often look for features that help prevent identity compromise in the first place
Remediation and Insurance
The more basic ID theft protection products are only going to tell you when something happens: a hard inquiry on your credit, a new account opened in your name. More robust plans give you a way to do something about it and some even offer substantial financial protection from loss, in the form of insurance.
A standard service for responding to fraudulent inquiries on your credit is to provide a way to directly file a dispute or freeze your credit with the credit reporting agencies. A step up from that allows you to do the same with other financial institutions in cases where new accounts have been opened using your identity. And a big step up from that are plans that provide an in-house team to personally walk you through disputing fraudulent uses of your information and help repair any damage done to your finances and credit.
The financial impact of ID theft can be severe, so more and more of these products are bundling insurance into their services. This typically provides up to $1 million reimbursement for lost funds that can't be recovered any other way (like through loss guarantees from your bank or credit card provider).
Proactive Measures
I'm a firm believer that the best defense is a good offense, so when reviewing ID theft protection vendors I often look for features that help prevent identity compromise in the first place. Sure it's great to have all these services lined up to help you deal with an identity breach, but if you're using them it means the breach has already happened. Better to try to keep it from happening in the first place, right?
I'm my firm's information security officer, so I know that the greatest threat to sensitive data and personal identity isn't just the existence of hackers; it's normal human behavior. Workers use computers and are on the internet all day. By doing the things they need to do, and the things they want to do, they expose themselves constantly, there's no avoiding it. But you can put measures in place that help people be less of a risk to themselves.
The stronger ID theft protection products include features that protect users from the risks of being a normal, busy worker. Antivirus and malware protection. Phishing filters. And, my all-time favorite in the "protect people from themselves" category: password managers.
This identity thief knows that your password is your dog's name plus your birthday and that you use it on every account.
You Do This Too And You Know It
All this sensitive information -- Social Security Numbers, bank accounts, medical records -- gets put online and protected by a username and password and then what do we do? We use the same password for a bunch of different accounts, effectively creating a master key to all of them for the taking. Or maybe, feeling clever, we change our password from time to time and take that same old password and add a number to the end. Which is so predictable that now most security experts would prefer that we start with a stronger password and never change it, just to keep you from doing that.
Password managers keep all your passwords in a secure vault and retrieves them for you using a single master password for access. You don't ever have to remember the individual passwords again (or leave them on a post-it note on your computer monitor). They also help you create very complex passwords and warn you if any are too weak, or the same as one you used elsewhere.
This was a game changer for me and one my employees probably got sick of hearing about. When I set up my password manager I found I had 75 different websites that I visited that required credentials to enter. Obviously I didn't have 75 different passwords, I probably had 3. Now I have 75 different passwords but I only need to actually know one, the password manager takes care of the rest. So I'm removing a lot of the risk from my normal human behavior and creating convenience for myself at the same time. As a feature on an ID theft protection product it's worth the cost of the whole plan.
ID Theft Protection Products As An Employee Benefit
ID theft protection plans may be having a moment in the spotlight because of the increased risks of remote work, but these products are ready to take their place in the mainstream as a voluntary or employer funded benefit. We're being asked to include them in our product recommendations as a standard item, especially for employers who already have well established VB offerings. Regardless of where we work, we live our lives online now and the risks to our personal information continue to increase. If you're a benefits broker, employer or HR professional, you can help employees do something about it.