By Judith M. Collins, Ph.D.

Identity theft has become a corporate challenge, but you can protect your data and your business.

Identity theft is growing, and with the increasing potential for serious consequences, business executives need to have this threat on their radar screens.

Bear in mind that a single person rarely perpetrates identity theft. Our research shows that about 60 percent of identity thieves operate in rings. A single person may steal the information, but the data is then distributed to others. What's more, identity theft is seldom a single incident. The theft itself is the first crime, but the fraudulent use of the identity may take place again and again before the crime is discovered.

Here’s another reason to pay more attention to identity theft. If you assume that identity theft won't make your customers think twice about doing business with you, consider this: One of the first questions victims ask when they contact us is whether they should change banks or credit-card companies or retailers. (We tell them no.)

As the number of consumers who do business electronically continues to grow, we hear more people say that they no longer shop or bank online because they're afraid of having their identity stolen.

What to Do
Forget about the notion that there's nothing you can do about identity theft. By taking a few practical steps, you can go a long way toward circumventing this pernicious crime.

Two key reasons for the burgeoning rate of identity theft are ignorance and apathy. We hear about high-tech tricks such as phishing and low-tech approaches such as dumpster diving and assume that most identity theft occurs one consumer at a time. But our research shows that up to 70 percent of identity theft occurs within companies.

What's more, we're engaging in business practices that vastly increase the risk of insiders stealing identities. As we conduct a greater portion of our business electronically and outsource potentially millions of jobs to other countries, we become increasingly vulnerable to misuse of sensitive information.

The solution is twofold. It’s not enough to invest in the appropriate level of IT security. It takes a combination of technology and procedures to prevent identity theft by dishonest employees or vendors—the most likely perpetrators. Even when the crime is committed by outside hackers, it's usually in collaboration with insiders.

It’s important to develop and implement policies that will result in safe business practices and an honest corporate culture.

That starts with recruitment. Many perpetrators of identity theft are temps who take jobs specifically for the purpose of stealing data.

Here’s a typical case: Several years ago, a leading carmaker hired a temporary worker in an entry-level data-management position. On the last day of her assignment, she printed the names of numerous company executives—along with their addresses, Social Security numbers and salaries—and took them with her.

Sometimes a background check isn’t enough. A few years ago, a major financial services provider contracted with a risk management firm to vet a job candidate who would handle sensitive information, including the investment accounts of millions of employees. Two months later, the employee stole thousands of names and other information. Afterward, the company learned that in 2002 she had been convicted of embezzlement—even though she had passed a background check.

Such workers may have even passed a criminal-record check. Many companies check backgrounds by culling records in known states of residence. But identity thieves tend to move around a lot. What's more, data brokers often don't update their information. I have checked the names of known perpetrators against criminal records databases, and they have come up clean, too.

Tip List
There are other strategies to prevent identity theft within an organization. Here is a list of tips based on identity-theft incidents we’ve investigated:

• Employees with sensitive data on their machines should lock their computers before leaving their desks
   
• Move printers to inner offices and away from corridors
   
• Move fax machines to inner offices
   
• Retrieve faxes when received
   
• Employees should make sure documents are shredded before leaving the shedder
   
• Lock filing cabinets
   
• Do not leave sensitive identification information, such as Social Security numbers, in voicemails
   
• Change passwords often

Although thorough background checks and other measures are expensive and long term, the cost of preventing identity theft is far less than the cost of recovering from it. And a strong anti-identity-theft program will empower customers as well as employees.

Therefore, identity protection needs to become part of your budgeting process and integral to how you do business. That's because identity theft is a crime whose impact can be felt far into your organization's future.