Are your employees' secrets actually secrets?
Determining if a website visitor, email sender, or phone caller is really who he claims to be is challenging. Many identifiers that historically have been used to verify identities have been leaked, stolen, or can easily be found in public directories—as recent security breaches have reminded us. Social Security Numbers, birth dates, names, and addresses can all be found readily online or purchased for little cost. Armed with these data elements, an unauthorized individual could potentially abuse employee self-service systems that rely on these data elements being secretive. One method CIC Plus has developed to help protect against this abuse is called “Trusted Contacts.”
Trusted Contacts allows a company to send trusted contact information provided by the employee to providers such as CIC Plus, which is then used to verify account registrations on employee self-service portals. During the registration process, after a user has provided some identifying information, the employee will be asked to choose from one of the available contacts – up to three phone numbers or email addresses – and receive either a phone call or an email message with a six-digit code. The code must be entered into the form to complete the registration process. This helps ensure the employee is contacted to confirm that the account registration is valid and prevent identity thieves from misusing stolen secrets.
For our clients, CIC Plus strongly recommends using Trusted Contacts and would like to help your organization implement this important safeguard to help protect your employees against identity theft. Even if you do not have contact information for your entire employee population, the service can still be enabled. Please contact your CIC Plus account representative to learn more and begin the implementation process.