No matter how careful you are with your passwords and personal data, you could still be the victim of identity theft if your company doesn’t take similar precautions.
Nearly a third of companies aren’t taking basic steps to keep the data of their employees safe from hackers and ID thieves, according to a new study from security vendor Sophos.
The report found that more than 40 percent of companies don’t always encrypt sensitive employee human resources information, and nearly half fail to encrypt the healthcare records of their employees.
Related: Medical ID Theft is a Way Bigger Problem Than You Think
That’s particularly alarming, given that medical ID theft, in which thieves steal your Social Security number and health insurance information in order to fraudulently obtain medical services or treatment, is skyrocketing.
“While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it,” Dan Schiappa, Sophos senior vice president and general manager of end-user security, said in a statement.
Of the U.S. companies that do use encryption, more than 20 percent don’t always secure employee bank details. Three-quarters of companies surveyed admitted that they need to improve their methods of encrypting and securing employee, customer and employee information.
In 2014, 17.6 million people, or 7 percent of the U.S. population, were victims of at least one incident of identity theft, according to the Bureau of Justice Statistics. If you think you’ve been the victim of identity theft, place a fraud alert on your cards and pull your credit reports to see whether there’s been any suspicious activity.
