October 2, 2020 | By Nicholas Goodwin, Esq.
“How did that meeting go with the bank?” John asked, stopping by Dan’s door on his way to his office down the hall. “What meeting?”, Dan responded. Confused, John said “The meeting about the line of credit. You sent me an email about it this morning and asked for the W-2 information.” Now confused himself, Dan said “I didn’t meet with the bank, and I didn’t send you an email requesting anything.” “Then who did I send the W-2 information to?!” John the CFO and Dan the CEO were a couple of best friends who happened to found one of the largest restaurant chains in the Midwest together, totaling nearly 6,000 employees, but their lives were about to change forever because of an identity thief.
As crazy as John’s story sounds, this is actually how many modern corporate and business identity thefts play out. In John and Dan’s case, the thieves had carefully constructed an email from Dan, the CEO, to John, the CFO, explaining that Dan would be meeting with a bank in a few hours regarding the company’s line of credit, and that he needed John to upload all of the W-2 information to the bank using the “secure link” provided in the email. The email also told John that the request should be his most important priority, and that he “need[ed] this as quickly as possible.” Because John was “busy,” he wasn’t paying attention to red flags, and didn’t walk 50 feet down the hall to verify the request with Dan. As a result, John uploaded the private information of all 6,000 employees of the company to an identity thief, including his own private information.
We’ve all been there, haven’t we? You get busy, and someone makes a request that interrupts your day. The thieves take advantage of us being “busy.” Whether on the phone, in an email, or in person, they will often use language to suggest urgency or immediacy, hoping that in our haste to get something done, we won’t take the time to pay attention and make sure that what we’re doing is the right course of action. This is why it is so important to have policies and procedures in place on how your organization will deal with personal or sensitive data. It is even more important to follow those policies and procedures. Sometimes it is inconvenient, but as I’m sure John and Dan will tell you, a little inconvenience is worth it in the end. You’re just not that busy.
One other thing to keep in mind; as much as we are educated by TV, radio, and social media ads that identity theft is about credit cards and bank accounts, if you look at the statistics over the past several years, the huge data breach attacks at companies and businesses have not been about credit card numbers, but rather personal identifiers. Thieves can use information just like the W-2 information stolen from John and Dan’s company to obtain driver’s licenses, obtain medical services, and commit crimes in your name – just to name a few. Some of the damage requires the assistance of attorneys and investigators who understand the unique problems identity theft can bring.
What is the “good news” in all of this? You can better protect your company or business by taking some simple steps to prevent careless loss of information, and put in place some preventive measures that will mitigate the damage to you and your employees should the worst-case scenario happen. Walk down the hall and ask in person before sending sensitive information. Pick up the phone and make the call before attending to that email pushing you to respond quickly. Put good identity theft protection in place before the thief strikes to protect you and your family, just as you would with car or homeowner’s insurance. When you shop for good identity theft protection, make sure it does two things very well:
- Monitors the things that matter such as your driver’s license (at all state DMVs), passports, medical IDs, changes of address (at the post office), county courthouses to make sure you know when activity happens.
- Offers “power of attorney” restoration services by experienced investigators who do this for a living.
We call it “find it and fix it” protection. Warning: Not all identity theft protection is the same, so read the fine print. But if your coverage offers these two protections, you’ll be in good hands when an identity thief strikes.
And if you would like help protecting yourself and your business, or you just find yourself confused about the issue, feel free to call us here at DataGuard Partners. This is what we do for people and businesses every day!