If someone burgled your house, you’d call the police. But what if someone stole your identity? You become one of the many victims of an escalating crime in Indian workplaces today - identity theft. Identity theft refers to crimes in which someone unethically obtains and uses another person’s personal information. About 950,000 Indians work in BPOs that handle credit card and bank account information, as well as manage insurance and medical records, and other sensitive data. So it becomes even more imperative for organisations to address this growing bane.

   The ‘identity thief’ at your workplace could be anybody - the most competent manager, the temp who joined yesterday or the colleague you share your desk space with!

 

 

Experts say that identity theft is the fastest growing workplace crime in India. Much of a company’s data is amassed and processed by e-mail and is exchanged with business associates through the net. Rival companies often access employee passwords to defame an organisation. They do so by hacking corporate databases or illegally accessing private customer information via spurious websites. Identity theft has become easy since security experts confirm that there are possibly thousands of websites that exist solely for the purpose of stealing, buying, and selling ID’s. Today identity theft is a massive industry and the revenue generated is unimaginable.

 

“The security of private information may be at risk owing to the nasty intentions of some disloyal employees,” says Nandkumar Sanglikar, senior GM (Public Affairs), GlaxoSmithKline Pharma. “When a criminal (employee) has gained access to a customer’s account number or a credit card password and is taking out loans in the customer’s name, the employer has to think about how can (s)he try to limit the damage done to the organisation’s reputation caused by a single employee’s actions,” says Vinod Nair,HR (head), A T Kearney.

  

Organisations that become regular victims of identity theft will find it difficult to maintain the trust of customers, suppliers and stakeholders. Sandeep Sawant, VP (Productivity Services), Geometric Software Solutions India agrees, “If your name gets associated with a security breach that allowed the disclosure of personal information, you lose your reputation. You may even get involved in a lawsuit that can make matters worse.” Consumer confidence in conducting business online is also decreasing due to ID thefts.

 

 

“The consequences of ID theft are loss of competitive pitches, disclosure of regulated information, network intrusions, tarnished brand image and loss of business,” says Pillai. Several companies are in the process of doing a benchmarking survey to enlighten companies on the importance of BS7799-2.2002 certification (a certification that gives recommendations to information security management for implementing and maintaining security). But some employees may argue that implementing security policies can lower motivation levels due to intrusion of employee privacy at the workplace.There should be attempts to balance employees’ right to privacy against new threats to their security and the privacy of their personal data. Pillai says, “Access to employee computer files is not ethical, as we believe that each person should have their individual working space. At the same time there has to be some checks installed in the security policy.”

 

 

Realistically, experts agree that many security policies are ineffective. To be effective, a security policy should be consistent, relevant, and implemental. Hence many organisations are putting proactive security policies in place. Sanglikar poses three major questions every employer must ask himself to avoid identity thefts :

   Is database access audit or password controlled?

   Do you publicly exchange confidential company information in your workplace?

   Do you conduct regular employee background checks?

  

Watchguard conducts auto filtering of documents while Geometric Software Solutions has stringent polices. Kulkarni says, “The computers at Geometric don’t have floppy drives or CD ROMs, thus making transfer of any company information outside the company premises impossible. The volume of the data that can be transferred is also tightly controlled and we also have an employee represented ‘security committee’ that conducts regular inspections.”

  

Identity theft can have devastating consequences for the victim, who may face long hours in the identity-recovery process. It is therefore imperative to have a security plan that calls for more self-regulation within companies. Remember, identity thefts are not petty cyber crimes. These are outright day light robberies. The convicts are not high tech thieves but manipulative employees. To employees, security policies may be a nuisance, but for a progressive organisation, security shouldn’t be treated as humbug. It is a smart business move.

(Illustration by Sachin Varadkar)

Rate me....	Mail this articlePrint this article
Share Share Share Share