Consider Jane’s story — how one minute she was in a loving relationship and the next, in her worst nightmare.
Jane is a dedicated employee in her mid-30s, a senior executive in the financial sector who has spent the last few years building a life with her partner, Kelly. One day, without warning, Kelly left their shared apartment and disappeared — without notice, warning, or signs.
Jane is heartbroken, but her struggles don’t stop there. In the following days, she notices strange transactions in her bank account. Thousands of dollars are missing, and her online shopping accounts display active orders she didn’t make.
She discovers her savings account is empty, her retirement investments are gone, and all her credit cards are maxed out. She is in shock, terrified, and unsure of what to do. She calls the police to report the losses and discovers that Kelly was not his real name, and she has been “honey-potted.”
In this context, honey-potted refers to someone luring another individual into a trap or compromising position, often for deceptive or exploitative purposes. In this case, Kelly used powerful emotions of love to blind Jane, build trust, and gain access to her financial credentials.
As Jane scrambles to understand what’s happening, the gravity of her situation intensifies. Her login credentials at work have been compromised, and sensitive financial documents on live banking deals — which should have been secure from third-party access — have been downloaded.
Her company’s IT and cybersecurity teams are on high alert, checking for other risks and notifying the parties involved in the breach. Jane feels ashamed and is at risk with her employer because she unknowingly gave Kelly access to her login credentials.
Jane’s life is turned upside down, and she faces an overwhelming crisis, feeling vulnerable and lost. What started as love has become her biggest nightmare. To her dismay, as she tries to put the pieces together and deal with her employer and work situation, she learns her identity has been stolen.
Question: Do you believe Jane’s story could happen? Identity theft and fraud cost North American adults billions of dollars each year. AARP reported US$43 billion in losses in 2023.
Understanding the crisis
Identity theft can shake a person’s personal and professional life. For employees like Jane, the ramifications of such a breach can be profound, affecting mental health, financial security, job performance, and job security.
HR professionals must be aware that this happens to employees daily in North America. They must know the signs of distress in employees facing such unprecedented crises and offer them comprehensive support within the employer’s control.
Supporting employees in identity theft crises
Trusted resource: Earn employees’ trust so they feel safe asking for help when in crisis. HR and leaders should foster an environment where employees feel safe discussing their vulnerabilities without fear of stigma. Thoughtful workplace mental health support programs that educate and talk about crisis, stigma, and accessing help are positive practices.
Identify support resources: Ensure employee assistance program providers have clear guidance to support employees navigating the complexities of identity theft. Employees in crises like this require access to caring financial experts or legal advisors for advice on what they can and cannot do. Provide pamphlets or digital resources on protection from identity theft and financial security risk management.
Emotional support: Ensure employees know how their Employee and Family Assistance Program works — the online, video, and in-person models — how to access them, and the benefits of consulting mental health professionals. Victims of identity theft may require professional support to deal with grief, loss, and stress.
Flexibility: A person in this type of crisis will be distracted and may need time off work to get their affairs in order. In addition to allowing them to use vacation time and leave days, flexible work arrangements can be helpful. In Jane’s case, allowing her to work remotely or adjust her hours could significantly relieve her stress as she navigates her situation.
Reinforcing trust and professional responsibility
While providing support is essential, educating employees about protecting their identities and maintaining professionalism is equally critical. Employers can adopt the following strategies:
Educate employees about cybersecurity: Conduct regular training sessions on best practices for online security. Topics can include creating strong passwords, recognizing phishing attempts, and enabling two-factor authentication. Make it clear that the responsibility to protect credentials falls on both the employer and employee. Personalize this training with examples like Jane’s to ensure learners aren’t just completing a check-the-box exercise — they must understand the personal risk.
Implement a password management system: Deploy a company-approved password manager that allows employees to create strong, unique passwords without the need to remember them all. This reduces the risk of password compromise and promotes secure logins. Do not assume employees understand boundaries when it comes to sharing passwords with loved ones. Set clear policies.
Cultivate a culture of accountability: Foster a workplace culture that emphasizes each employee’s role in maintaining data security. This can be achieved through team discussions on the importance of cybersecurity and encouraging employees to take ownership of their online behaviour, especially when dealing with sensitive work-related documents. Ensure employees are clear on their role in protecting organizational information — this is critical to IT security’s success.
Set clear boundaries regarding shared information: Instruct employees never to share access to protected work documentation and ensure they understand how they can be taken advantage of. Though no one believes they will be honey-potted — even after many years working with people in clinical or corporate settings — one key lesson is that sociopaths or psychopaths do not lead with business care. They are masters of manipulation and use powerful emotions to build trust for their own gain, without regard for the person they are attacking.
Moral of the story
As seen through Jane’s experience, identity theft can flip an employee’s life upside down, impacting far more than their financial status. It’s crucial for employers to proactively educate their teams about cyber safety and reinforce an understanding of personal boundaries and responsibility.
Employees should be empowered to protect themselves, and employers must ensure that resources and support systems are readily available. Employers can make their workplaces crisis-ready with clear prevention policies and support systems that mitigate the risk to employees — and the potential damage to the employer and its customers.
