UBP blog


“Tis the season for giving”, just be careful who you give to and how

With the holidays just around the corner, just about everyone is in a giving mood. Now more than ever we find ourselves dropping our extra change in the Salvation Army bucket outside the grocery store or giving that extra dollar to St. Jude’s whenever we buy something at CVS. Unfortunately, identity thieves are out there taking advantage of all this goodwill.

Every year, natural disasters such as floods, hurricanes and wildfires cause many people to lose their property, homes, loved ones or even lives. Thankfully, there are many compassionate people who donate a great deal of time and money to charities that help these victims. Several identity thieves are taking full advantage of this eagerness to help and are using it as an opportunity to capture personal information of unsuspecting individuals.

These scam artists pose as legitimate charitable organizations and send emails out with links to very legitimate looking websites. When individuals click on the sites, they’re asked to submit personal data such as credit card and social security numbers. On top of this, many of these emails contain attachments that when downloaded, install spyware and viruses that are designed to collect sensitive data from individuals’ computers.

To keep the holiday season merry and not fall victim to identity thieves’ charity scams, you and your employees both should take the following precautions:

  • Only make charitable donations to a known organization using a published phone number, address or website.  Also, always make donations directly to the organization, never through a third-party.
  • When you donate to a charity online, always go directly to the charity’s website by typing the URL in your browser or searching for the charity’s name on your search engine.
  • Use various Internet search tools such as Google and Yahoo to verify the legitimacy of the charitable organization before donating to them online.


If you get an email from the “IRS” on the Making Work Pay tax credit, do not reply!

Filed under: Uncategorized — ubpblogger @ 11:56 am
Tags: , ,

Your identity might be compromised or even stolen. There are scam artists lurking out there in cyberspace posing as the IRS and sending emails explaining how you can get tax credit refunds directly deposited into your bank account. The fraudsters ask individuals to reply with their bank account numbers, which they then steal.

How do we know these emails are fraudulent? Well, the reason why is a simple fact. That is, the IRS never initiates conversations with taxpayers via email. Employers should keep this in mind and make absolute certain to tell employees this as well.

What the fraudsters are doing is called phishing.

Phishing emails tend to come from a well known entity (i.e. the IRS or a large bank that everyone has heard of). In almost all cases, the phishing emails will tell you to click on a link to a website. When you get to the website, it will ask for your personal information (i.e. credit card number, bank account number or SSN).

What should we do if we get one of these phishing emails?

 The IRS has asked us to forward any suspicious emails to the address phishing@irs.gov.


What steps have you taken at your company to ensure that terminated employees are immediately denied access to personal information?

Newly terminated employees are among the many individuals with a motive to commit identity theft, not limited to the theft of personal information of any employee, customer, and/or contractor of his or her former employer.

According to the Massachusetts Information Security Legislation effective 1/1/2010, ALL Massachusetts employers must:

  • Immediately block terminated employees’ on-site and remote access to personal information. This includes deactivating their passwords and usernames.
  • Require terminated employees to return all records containing personal information.

These measures are just a small part of the comprehensive Written Information Security Plan (WISP) this new state law requires companies to create spelling out all of their administrative, technical and physical safeguards for all records containing personal information on Massachusetts residents.

To learn more about the law, creating and implementing a WISP, my company will hold free educational webinars. To register, please visit the events page of our website.

Benefits identity theft skyrockets. Are you safeguarding personal employee data in your HR department?

Filed under: Massachusetts encryption law — ubpblogger @ 9:26 am
Tags: , ,

The Problem:

In 2008, a record 79 million identity thefts occurred in the United States. According to a report by the Alexander Hamilton Institute, an estimated 50-70 percent of these thefts happened in the workplace. Employee benefits documents—and employee files in general—contain all of the information necessary for an information thief to steal someone’s identity.

Benefits identity theft can come both from within the company (i.e. a temporary employee working in HR who has access to employee information files a reimbursement account claim as someone else) or from outside of the company (i.e. an employee’s online statement gets hacked and the hacker wipes out all of his or her retirement savings with the click of a mouse).

What the experts suggest:

Benefits identity theft is a problem that employers often overlook until it is too late. Employers should therefore create and put into place a policy for the safe handling of sensitive data, from its collection to its disposal. All paper personnel files should be secured with combination locks. If your company maintains electronic personnel files, work with IT to ensure that all such records are encrypted and password protected.

To protect your employees from reimbursement account theft, you should keep signatures of all employees on file so that you can be prepared to audit a suspicious looking reimbursement check. You should run reports of your company’s newly-terminated employees so that you can audit cancelled reimbursement checks in their names. For greater protection, only send reimbursements through direct deposit to an account that you have verified belongs to the correct employee.

Enhanced, double-encrypted HRIS solution FOR FREE:

The HR in a Box™, Universal Benefit Plans’ A to Z HR and benefits management solution, is a dual-encrypted time- and cost-saving tool for small-to-mid size enterprises. With The HR in a Box™, not only will your company eliminate the time-consuming and costly practice of manual benefit administration, you will also be able to rest assured that all of your employee benefits data is secure. The HR in a Box™ also generates reports of employees terminated as far back as you want them, making the process of auditing cancelled reimbursement checks an easier one.

To learn more about how having The HR in a Box™ can help your company or to schedule a free product demo, visit http://www.universalbenefitplans.com.

Encrypting employee information and identity theft

Filed under: Massachusetts encryption law — ubpblogger @ 8:30 am
Tags: , ,

Although 42 of our 50 states that have passed what are called, “data breach notification laws,” Massachusetts is definitely leading the charge on the issue of safekeeping critical information, and seemingly, for all benefits reform in the U.S. Massachusetts has legislated that encryption of all critical employee data be accomplished by 2010. This could save millions of dollars (and thousands of families) by virtually ending identity theft in the workplace. But is it worth the burden on corporations, both in time and financially? Are we asking too much? How are overtaxed, understaffed employee benefits teams to accomplish this?

Although one of the biggest issues for organizations and their employee benefits teams right now is that a critical data breach almost insures that you’ll be slapped with one (or more) class-action lawsuits – thus becoming a huge liability issue – the costs of preventing such a breach (i.e., identity theft) can be huge. With millions of records already lost and millions more at risk  there’s simply no way to get around the fact that encryption of records MUST be part of a comprehensive data security plan.

Why? Quite bluntly, anyone who’s been – or who knows someone who’s been — the victim of identity theft will tell you that it’s an awful, horrible crime – and trying regain their status and protect themselves in the future is like a never ending nightmare. The amount of personal data collected by employee benefits teams and human resources departments is, by necessity, enormous. Protecting those individuals MUST be a top priority, and if the nation follows the lead of Massachusetts any time soon, it will be.

If you’re fortunate enough, you may find that your insurance broker is actually able to maintain all of your employee data and handle the encryption issue themselves, thus protecting your employees AND your company from the nightmare of identity theft and the liability that goes along with it

Blog at WordPress.com.