Identity Theft: Do Your Employees Have Too Much Access?

About a month after a woman was hired to help with receptionist duties, accounting, invoicing and filing at a small Midwest shipping company, she started calling in sick.

When she was out, packages started arriving that were addressed to unknown recipients. Her boss sent them back. But on another day when the receptionist was out, a delivery person told the owner that one of the reclaimed packages was part of a potential fraud investigation. His records showed the receptionist had signed for the package a few days earlier.

The receptionist was immediately terminated, the business owner told Fortune Small Business magazine, which featured the story in a series of articles on “employees from hell.”

The next week, the office received a letter from a credit card company addressed to a former employee, who told her old boss that her identity had been stolen a few months prior.

Turns out, the fired receptionist had dug through employee records to steal identities and open credit card accounts to buy items that were being delivered to the office. And her absences? She needed her sick days to appear in court on other identity theft charges.

A recent study by Javelin Strategy and Research said that 8.4 million U.S. adults suffered some form of identity fraud in 2006, down from 10.1 million in 2002, the New York Times reported. The Federal Trade Commission and the Los Angeles County Sheriff’s Department, which operates an aggressive identity theft task force, also said it is leveling off.

To combat the ID theft problem, the Midwestern company in the Fortune Small Business example decided it would not allow new hires to have access to personnel files, which are now kept locked. Personal information has been removed from invoices. The company offered free credit-fraud alerts to all current and former employees. And, the company now keeps a lawyer on retainer to deal with personnel crises.

While in this case, the records involved paper files, the array of technology devices available make data theft from the workplace even easier. Consider the USB memory stick or an iPod. Because they can hold so much data, they are being used to copy files from corporate networks. So-called ‘pod-slurping,’ involves using a computer program to download vast amounts of data to an iPod in minutes, ElectronicsWeekly.com reported. Cameras and MP3 players are being used as well. Some companies and governments that need sensitive information have banned mobile devices as a preventive measure.

You may like these other stories...

Anti Burger Kings: Seven US companies shrinking tax the old-fashioned wayBurger King’s decision to combine with Canadian donut shop Tim Hortons is renewing controversy over the lengths some US companies will go to...
Accountants without a succession plan are hurting not only themselves but their clients as well. Here are seven ways to see your practice continues after you retire—some of them are better than others.What Are Your...
Boehner, Camp profit from corporate bid to avoid US taxesRichard Rubin of Bloomberg reported on Tuesday that House Speaker John Boehner (R-OH) and House Ways and Means Committee Chairman Dave Camp (R-MI) profited from a...

Already a member? log in here.

Upcoming CPE Webinars

Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.
Sep 26
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.