A hidden risk that exists in every workplace: the risk of benefits-related identity theft.

Last year, suspected ID thefts in our country hit a record 79 million. Half to 70% of them happened in the workplace, according to a report by the Alexander Hamilton Institute.

Here are three steps to minimize the risk:

1. Spot vulnerable areas

Every company with 401(k)s, paid time off, flexible spending accounts, health reimbursement accounts and similar benefits is at risk.

That’s because benefits paperwork (and employee files in general) contain just about all the info any thief needs to steal someone’s identity:

• names and addresses
• Social Security numbers
• dates of birth
• bank account numbers, and/or
• personal identifying information about spouses and dependents.

Benefits theft comes in many different forms, and can be inside jobs or ones perpetrated by non-employees. Here are two common scenarios that demonstrate just how easily a theft can happen.

No. #1: theft from a reimbursement account. The theft happens when your company cuts a check for a seemingly legit claim. The check gets cashed – but not by the employee entitled to the money. Instead, it’s channeled to a payroll temp who accessed an employee’s information and forged the claim.

The most vulnerable victims are employees who either don’t know they’re entitled to certain benefits (e.g., paid time off buy-backs), or are unaware of how much they’re owed. Recently terminated employees are also prime victims.

No. 2: 401(k) theft.  If an employee’s online statement gets hacked into or his enrollment paperwork falls into the wrong hands, it takes only a few mouse clicks to wipe out the victim’s retirement savings. The scariest part: Victims of benefits-related ID theft often make out worse than those who fall prey to credit card or check card theft.

With those types of theft, victims need only call their card issuer or bank, report the crime and refuse to pay for an item. But 401(k) theft is much, much harder to resolve. That’s because 401(k)s rarely – if ever – come with automatic identity theft protection from the vendor.

Even if the theft is successfully resolved, the situation becomes an ERISA nightmare for plan sponsors. Your company must calculate and reimburse the lack of market growth of the employee’s account during the time the money was missing.

2. Raise awareness

Benefits ID theft is a risk upper management often overlooks until it’s too late. Same goes for employees. Best practice: Create a privacy policy that includes procedures for the safe handling of benefits information.

For management: Stress the need to limit access to employee data, both paper and electronic.

For employees: Focus on how workers can help protect themselves (e.g., logging off computers when they leave their desks).

3. Take proven safety measures

The following best practices significantly cut the benefits theft risk:

• Lock all personnel files. Use combination locks, if possible, because they’re harder to pick.
• Keep employees’ and managers’ signatures on file. If there’s a suspicious reimbursement check, the handwriting may need to be audited.
• Run reports of recently terminated employees. Best practice: Audit canceled benefits reimbursement checks cut in their names.
•  Consider direct deposit for benefits reimbursements as well as regular compensation. This is often safer than paper checks.
• Create an anonymous reporting system for suspected fraud, and
• Work with IT to safeguard your benefits intranet and/or passwords.