A typical scenario involving identity theft would see someone calling up a secretary or personal assistant and impersonating the CEO. An invoice needs to be paid or corporate files need to be transferred urgently, they would say.
Since the voice sounds like the CEO and gives the right details, the secretary may be willing to forego proper company procedure and just complete this seemingly pressing matter.
The sense of urgency offered by the caller batters through the proper protocols and gives easy access to confidential data and corporate finances.
The good news is that HR plays a vital role in preventing this kind of situation, Susan de Silva, partner at Bird & Bird, told HRD
“From an HR perspective, the risk to a company is not just the external threat (which it may have little control over), but the internal risk of allowing an employee to deviate from a policy or procedure without proper authorisation,” she said.
In the example of the CEO above, it was not the identity theft alone which caused the loss; it was also the secretary’s failure to comply with company procedure.
“We think most employees who receive a call similar to the CEO's case – which requires deviation from procedures – would become suspicious,” she said, “particularly if it involves money or disclosing confidential information and is a departure from the caller's normal respect for the company's processes.”
The HR lesson here is that having the right risk management culture is ultimately a company’s most effective protection against dangers such as identity theft, de Silva added.
“There should be leadership support for well-designed, comprehensive policies and procedures which are regularly reviewed and improved, that do not allow by-pass without rigorous approvals or checks & balances.”
This support should also be coupled with regular training and communication on policies and procedures that promote full understanding and respect amongst new and existing staff, she said.
HR employees arrested in S$2.9M fraud case
Honest HR manager fired for following rules, lawsuit claims
Six ways to catch resume lies
With complete control of a company’s finances and access to confidential information, a CEO is an obvious target for identity theft. What can HR do to eliminate this threat and protect both their boss and the business?