Many cases of identity theft can be traced back to janitors or cleaning crews. So what can companies do for identity theft protection?

In the case of a Nigerian cleaning crew, the first identity theft risk the company who hired them made was not requiring its cleaning subcontractor to run background checks on all of its employees, said Philip Deming, president of Philip S. Deming and Associates, a security and risk consulting firm in King of Prussia, Penn. His firm specializes in identity theft cases.

In Florida, a janitor is accused of stealing the identity of an attorney whose office he cleaned. The janitor allegedly sold some of the attorney’s stock and ran up $20,000 in charges on a credit card he is accused of taking out in the attorney’s name.

These two identity theft incidents could have been prevented with a few simple precautions, said Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse in San Diego, Calif.

“It comes down to poor information management practices,” Stephens said of the identity theft. “Obviously (crews) need to get access to offices for cleaning, but any data there has to be secured.”

Paper documents need to be under lock and key to prevent identity theft. Electronic data should be encrypted and password-protected to prevent identity theft, he said.

Companies can take other steps to protect themselves from subcontractor identity theft:

  1. Make sure sensitive documents that could be used to commit identity theft are in locked drawers or file cabinets. Often they are not.
  2. Know your cleaning crew, and other sub-contractors, well. To prevent identity theft in his own office, Deming negotiated cleaning fees out of his monthly rent and retains a cleaning crew himself with the savings. And even if you know the individuals, documents still must be appropriately secured to prevent identity theft, according to Stephens.
  3. Have a high-level employee present as cleaning crews work. This helps deter them from committing identity theft.
  4. Change computer passwords often.
  5. Ensure that sensitive information is not readily downloadable to laptop computers. Many cases of identity theft have been tracked back to laptops.
  6. Only one high-level employee should have access to the Human Resources office where most sensitive data that could be used for identity theft is stored.
  7. Assign employees numbers in lieu of Social Security numbers. Thieves often use Social Security numbers to commit identity theft.
  8. Do not send personal data via email. Someone could access the email without permission and commit identity theft with the information he finds.
  9. Frequent audits of bank records and files are the best ways to catch any identity theft sooner rather than later.