Identity Theft: An Inside Job | eWeek

Identity Theft: An Inside Job

Jun 20, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Companies that engage in financial transactions are bound by law to establish and enforce information security programs to prevent identity theft. However, current laws focus primarily on IT security. Certainly, IT security is essential, but IT security alone is insufficient. Why? Because computers and network systems do not steal identities—people do. Recent research at the Identity Theft Crime and Research Lab at Michigan State University, and since corroborated in several other studies, indicates that most identity thefts occur in the workplace.

Contrary to common thought, most identities are not stolen by Dumpster divers; by robbers of mailboxes, autos and homes; or by purse and wallet snatchers. Most identity thefts are committed by contract workers in entry-level jobs. Many times, these hires are selected via outsourced staffing agencies that fail to use adequate screening. These workers arent the only internal threat. Suppliers and vendors with access to pass codes, passwords, or departmental and building key codes are often culprits. And upper management can also be guilty.

In addition, outside hackers often work with inside predators. These insiders comprise the relatively few workers who steal co-workers and customers identities. In addition to IT security, therefore, a comprehensive information security program must include personnel security.

Unfortunately, traditional personnel management is outdated for 21st-century business problems. Today, every facet of the personnel function must include security procedures, beginning with personnel recruiting and including personnel selection, acceptance of the honest company culture, and recognizing employees who support the internal security of personal information.

But IT security and personnel management security are still insufficient. A comprehensive information security program must also secure work processes. An information work process involves tasks performed across job positions that require knowledge of personal identifying data.

An example is bank loans. From initiation by the consumer to final approval by the bank officer, several job positions have access to the customers personal data. Information process risk assessments can identify a departments information work processes, identify susceptibilities to theft in those processes and propose ways to secure work process weaknesses.

I recommend the formation of teams of employees and managers to handle personnel management and work process security. When these corporate activities are addressed, together with IT security, businesses can know they have done all things possible to prevent identity theft.

Judith M. Collins is a professor at the School of Criminal Justice, Michigan State University, and author of “Preventing Identity Theft in Your Business: How to Protect Your Business, Customers, and Employees.” Free Spectrum is a forum for the IT community and welcomes contributions. Send submissions to free_spectrum@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.