Let's take a few minutes to talk about one way to give our employees tools to make better security decisions and improve the security of their finances.
A somewhat new form of identity fraud has been in the news lately: Tax Return Fraud (Krebs)(Fox)(NY Post)(Bloomberg): Bad guys are sending in tax returns using other people's information so they can claim a refund first. The IRS estimates that they sent out over $5 billion in fraudulent returns last year. Imagine how you would feel, tortuously completing your tax return only to get a message back from the government saying, "Sorry, you already got your money back." 60 Minutes did a good story on this last year and featured the story of one person who did an average of 15 returns a day with a modest return of 2-4 each time, resulting in almost $45,000 in profit every day. This is a big issue that the IRS is working to try to solve, but if a fraudster is successful in using your information, the burden to prove the truth and clean up that situation is entirely on your shoulders.
Unfortunately, while it is important to know about this type of identity fraud, currently the best way to defend against it is to file your taxes as early as you can, and that still leaves a good window of opportunity for the bad guys. However there are many other kinds of financial and identity fraud out there--by far the most prolific is still the creation of new credit accounts in someone else's name or unauthorized use of existing credit accounts--and the best defense against these other forms is credit monitoring.
The Federal Trade Commission requires each of the three credit reporting agencies to provide you one free credit report each year. You can get those reports at www.annualcreditreport.com. Do not confuse it with the myriad competitors out there, this is the only FTC-authorized website to get your free credit report. The others give you your first one free, but usually you are also automatically signed up for a fee-based credit monitoring service. Even www.annualcreditreport.com tries to up-sell services to improve the efficacy of credit monitoring, so you have to look closely for the text link that gets you to your credit report without signing up for more.
When somebody does not have an active credit monitoring service, I recommend that they pull one of their three free reports every four months: in February (after the bills from the holidays come in), pull the report from Experian; in June, grab the report from Trans Union; and in October (before the shopping season starts), get the report from Equifax. This gives a pretty good view of your credit all year and is entirely free.
But even though this resource is available and easy to use, most people either don't know about it or only bother to check every few years. So now let's shift tone from what you as an individual can do to what we as employers can do to help.
We, as employers, can help provide a better way. Consider offering credit monitoring as an employee benefit. Financial health monitoring right alongside physical health monitoring. It doesn't have to cost the enterprise anything more than the administrative costs to maintain the program. It can be offered as an employee-funded option on a pretax basis. I have seen organizations negotiate directly with one of the three credit reporting agencies for prices in the $10 range for credit monitoring all year, a very small out-of-pocket expense for the peace of mind of knowing that their credit is being actively analyzed and an alert will be pushed to them if something changes.
Organizations that have cyber insurance should consider working through their provider to negotiate the price, as this will likely result in a better cost for the credit monitoring itself and may result in lower insurance costs depending on your provider. (This is a measurable positive element in security programs when viewed from the perspective of cyber security insurance underwriters.)
Credit monitoring helps to empower our people with better protections against threats to their financial health. They are alerted as the earliest possible moment to issues that may be surfacing. Timely information allows for timely response, easier defense and clean-up and, thus, more Convenient Security.