As open enrollment season continues, employers are considering adding a new employee benefit that has grown in urgency since the hybrid workforce became a reality in the COVID-19 pandemic: identity theft protection. According to a survey from Willis Towers Watson, 78% of employers will offer ID theft protection as an employee benefit by 2022.

Advertisement

What does this mean for HR leaders?

Unauthorized access of employee personal accounts is one of the biggest causes of employer breaches—often due to employees using the same passwords on both private and work accounts, says Kristin Lewis, senior vice president of product and strategy, employee benefits, for identity protection solution provider Aura.

“Employers have an obligation to protect employees online, both to reduce the risk to the business and to ensure their wellbeing by protecting some of the things that matter to them the most: their identity, money, assets, online privacy and reputation,” Lewis says.

Related: 7 steps HR needs to take today to beef up cybersecurity

Identity theft and financial fraud protection services monitor for the unauthorized use of employees’ personal identifiable information, such as Social Security numbers, bank account details, passwords, medical information and related information. A digital security solution would alert employees whose information is being used so they can take the appropriate action—whether it’s changing a password, freezing accounts or addressing fraudulent unemployment claims—to ensure their information is safe. 

These services can also help by automatically identifying and changing passwords that have been compromised in data breaches or helping contact relevant sources such as banks or creditors for individuals if their identity or data is at risk. Many plans also include an insurance policy to cover eligible losses and fees due to identity theft and fraud, explains Lewis.

With more employees working remotely, there is an expanded landscape for social engineering scams, particularly those that impersonate HR or executives inside an employee’s organization. “An effective scam could be a phishing text that appears to come from an executive communicating a new policy or company update regarding COVID-19. By clicking on the link and entering personal information employees could be opening themselves up to identity fraud,” says Lewis.

Employers are realizing the importance of protecting employees online regardless of their location or the device their employees are using. According to Lewis, “accessing unsecured Wi-Fi, letting family members use devices that are also used for work purposes, downloading software or clicking on links from unknown senders can accidentally put employers and employees at risk of cybercrime.”