Protecting PII in the Days of COVID-19
Identity theft has been a problem for a long time. Everyone has heard horror stories about identity theft. You may know someone who has suffered from identity theft or, worse, you may have suffered identity theft yourself. But did you know that the problem has been made worse because of the pandemic?
The FBI reported 40,000 cases of identity theft in all of 2020. If that wasn’t bad enough, in 2021 they have already logged over 30,000 cases just in the first four months. That increase is very alarming. The Federal Trade Commission reported 444,344 identity thefts in 2018, 650,523 identity thefts in 2019, and finally 1,387,615 identity thefts in 2020. These statistics show a steep increase in 2020 over 2019. Early data from the FBI shows that the increase in 2021 over 2020 is even steeper, but those numbers are not yet in.
Why the steep increase? Especially at a time when more focus has been placed on protecting identities. All the sources we looked at are pointing to the pandemic as a major cause.
One reason for the increase in identity theft is that so many people are now working from home. The shift from an office environment, where the employer had more control over the security posture, to working from home has left most people, who do not have a lot of training in computer security, open to cyber intruders. Mr. Michael Pagano, who was identified in a recent Spectrum News 13 article, referred to the new work-from-home environment as the “wild, wild west.” He is right! Without adequate protection, at-home offices can be silently entered by nefarious individuals from anywhere in the world. It is a truly scary situation.
The weaker security posture has allowed the “bad guys” to have a field day hacking into the victim’s computer. Calls can be made which sound legitimate because the information that the “bad guys” have already obtained is correct. Even knowing the names of friends and relatives can allow the “bad guys” to take advantage of the victims.
Because people have been working from home, they have been more susceptible to scams such as unsolicited sales calls, fake requests for charitable donations, calls from fake bank personnel, and more.
Another pandemic-related identity theft problem stemmed from the “bad guys” applying for and receiving government aid meant for individuals and families suffering because of COVID-19. In fact, there was a 2,920% increase in identity theft where victims indicated that their personal information was used to illegally obtain aid from the federal government. As quickly as the government had to release trillions of dollars in aid there was bound to be fraud, and there was, lots and lots of fraud!
With the increase in home shopping due to the pandemic, it has been easier for the “bad guys” to obtain credit card numbers complete with security codes and expiration dates.
Information fraudulently obtained can be used to obtain driver's licenses and other government IDs, including passports. Once federal IDs are obtained, all kinds of crimes can take place, such as obtaining and abusing credit, stealing Social Security benefits and other retirement benefits, stealing mortgages, stealing tax returns, etc. Even kidnappings can happen because the “bad guys” can pose as family members at schools and daycare centers.
Do Not Become a Victim

There are several actions that you can take to reduce the possibility of becoming a victim. Are you working from home? Are you using a VPN when you access the network at your place of employment? If you are an employee, encourage your employer to provide you with a VPN connection to their network. If you are the employer, at the very least you should be providing a VPN connection for all your employees. Remember if your employees are using a simple work-from-home network connection that does not have adequate security features, the workplace network is also being placed at risk.
New scams are created all the time. Employers need to follow the technical and security press and pay attention to new scams. Make sure that all employees are aware of any new threats.
Employers need to stay vigilant in keeping all their software up to date. This means both the employer’s software and all the software used by the employees. If an employee is using their own computer when working from home (which we do not recommend), it needs to be kept up to date. If the employee’s own software that is used to access the office network is not up to date, then it is placing the employer’s network at risk.
Using company-supplied laptops can be much less costly than the damage that may be done if the employee uses a personal computer that is not secure. A company-owned laptop using a VPN can be placed on the network as a remote device. That way the same business rules applied to office computers can be applied to the company-owned remote laptop. The company will be in the loop to ensure that the laptop’s software including the anti-virus software is kept up to date.
Companies should have password policies that require strong passwords. Passwords should either be changed frequently, or a two-factor authentication (2FA) scheme should be used.
Some companies are providing subscriptions to identity-theft protection services as a company-provided benefit. This can directly protect the employee and indirectly protect the employer. It is a good investment. An employee that has become a victim of identity theft will at least be distracted and at worst be financially affected and under a great deal of stress which will affect performance.
The employee will likely be responsible for acquiring and maintaining their own router. Routers should implement a NIST-recognized encryption scheme. The employer’s IT department may want to consider setting standards for the brands and models of routers that are acceptable. As inexpensive as routers are these days, the employer may also want to supply a router to the employee. Do not forget to change the router’s default passwords. All “bad guys” know the default router passwords. They also know that most people never change them. If they are not changed, then the router may very well become the weakest link in the overall security posture.
Although the advent of the pandemic may not have necessarily increased email traffic, emails remain a big security hole used by the “bad guys.” As previously said, keep all your software up to date; this includes your email client. Beyond that, do not open emails from people you do not know. Most email clients have a viewer that allows you to see the email before you open it. If you receive an email that you are tempted to open, don’t! But if you can view it in the viewer, attempt to call or email the sender to see if they really exist and if the email you received is legitimate. Make your best judgment call and then either open the email if you believe it is safe or delete it if you aren’t sure.
Security is an ever-changing problem. We would be glad to provide individualized assistance if that is desired.
Sources:
Federal Trade Commission, “Protecting America’s Consumers,” February 4, 2021
Spectrum News 13 Orlando, “FBI warns pandemic created a pathway for identity theft,” July 8, 2021
AARP, Money, “Pandemic Proves to Be Fertile Ground for Identity Thieves,” February 5, 2021
Comparitech, “Identity theft facts & statistics: 2019-2021,” August 23, 2021