'Using these services will become a very important part of employment management'
HR departments have struggled to successfully welcome new workers during the pandemic, and often ask people to scan and email personal ID to prove their identities.
But this is fraught with many risks, according to Andre Boysen, chief identity officer at SecureKey Technologies in Toronto.
“This is a very bad idea because you don’t know who you’re giving your data to and, more importantly, you don’t know how they manage the data once they’ve got it. [The employer now has] all the information they need to take over your identity and so scanning a driver’s licence and doing a selfie is actually quite dangerous.”
Instead, employers should rely on services that independently validate a new employee.
“What’s emerging — and this is where HR is going — there’s going to be consumer identity services. Today, if I want to buy something online, I use a card from the bank and we can go to the merchant and get what we want: identity is starting to emerge this way,” he says. “So you’ll be able to use an identity service to verify [the person’s] identity.”
“[It’s] going to lower your costs and the consequences of hiring a fraudster will also be dramatically reduced.”
This service can be used for the lifecycle of a worker, especially in the post-pandemic world where many employees still work from home. That involves benefits, password resets or even the employee alumni organization, says Boysen.
“Using these services will become a very important part of employment management: pre-employment, during employment, post-employment; digital identity services are going to be a growing component of the HR strategy of managing employees.”
Cyber risks at home
Other risks endemic to our modern situation include employees working remotely via a shared family computer, says Boysen.
“Maybe you have young kids at home and they’re downloading different things that they want to do education on or gaming or whatever; you’re starting to get commingling of work environment with home environment, which needs to be watched very carefully.”
Ongoing education about cybersecurity best practices is critically important, he says, as a social engineering attack is a common way for criminals to break through an otherwise-conscientious employee’s defences.
“[It’s about] having your guard up but anything where urgency is the primary thing that’s going on is usually an indicator that you’ve got a good opportunity for attack.”
One way to mitigate the risk is to purchase cyber-insurance, which helps pay for damages caused by cyber-attacks, according to Boysen. But it’s not a foolproof option, as employers often find out after a breach that their policy doesn’t cover that risk, so it’s about carefully reading the policy and knowing how a business should work on protecting itself, he says.
“Because the threat landscape is evolving so quickly, what the insurance policy will underwrite today may not cover the risks that emerge tomorrow. It’ll only cover you for known risks, not things or threats or risks that haven’t been invented yet.”
The pandemic has created an environment where fraud risks are increased because of the rise of remote work, says one expert in talking to Canadian HR Reporter.
Creating a “culture of security” involves helping employees understand how security affects them and their jobs, and accepting their role as the front line of security, says another expert.