A couple of years ago, Cosaint rolled out a course called "Avoiding Identity Theft". Since that date, most of our clients have picked it up and provided it to their students and it’s been very well received. But sometimes, when talking to prospects, their initial reaction to the course content was less than positive – typically "… it’s not our responsibility to help our staff at home".
I think that they’re wrong for three very important reasons.
Reason 1: An Identity Theft Could Lead to an Attack on You
If one of your staff loses his/her identity to a criminal, it’s possible that their identity could be used in an attack on your organization.
Reason 2: Identity Theft Leads to Lost Working Time
If one of your staff has his/her identity stolen, it’s going to take them a considerable amount of their time and attention to sort things out. And that’s going to distract them from their work.
Reason 3: Good Security at Home = Better Security at Work
This – to me – is the biggest reason. If you train your staff about basic security measures in a way that directly impacts them, they’re going to sit up and pay attention. And, if they’re used to shredding sensitive documents, using strong passwords, and looking out for phishing attacks at home, they’re going to bring that attention and understanding to work with them. That will make your life much easier.
I really believe that organizations should treat people’s concern about identity theft as an opportunity to expose them to good information security practices in a way that they can readily understand and appreciate.