Discover how to keep your organization and employee data safe from fraudsters.
Unemployment insurance (UI) fraud has become a significant business risk that many companies don’t even know about. The Department of Labor (DOL) reported more than $45 billion in suspected COVID-era UI fraud, for example, and a Government Accountability Office (GAO) estimate put total pandemic losses as high as $100 billion to $135 billion.
State agencies are still unwinding these fraud schemes in 2025, and businesses of all sizes are at risk – especially SMBs without formal prevention systems.
Fraudulent claims waste time, drain resources, and expose your business to regulatory scrutiny. Could you be a potential UI fraud victim this year? Let’s make sure that doesn’t happen.
What Is Unemployment Fraud?
Unemployment fraud means illegally obtaining UI benefits by filing false claims. There are two types:
- Internal: An employee files a fraudulent claim while still employed.
- External: Someone outside the company uses stolen identity information to file a claim.
The U.S. Department of Labor warns that “unemployment identity fraud” – criminals logging into real accounts or filing claims under others’ names – is rising. That means you need to protect your organization and employees.
How Fraud Impacts U.S. Businesses
Unemployment fraud hurts companies on multiple fronts. First, it creates an unnecessary administrative burden for HR teams that must spend hours investigating claims, responding to state inquiries, and correcting records.
Here are a few things to keep in mind:
- Labor law experts note that fraudulent UI claims often come as a red flag for deeper problems: A cluster of fraudulent claims can indicate that your HR system has been breached and employee data stolen, for example.
- Employers commonly discover fraud when they receive state notices about claims filed for active employees, or when quarterly UI tax statements suddenly show massive charges. Each investigation distracts from core business, increases HR workload, and can lead to disputes with employees who are wrongly flagged as claimants.
- The financial impact is also severe. Unemployment insurance is paid by businesses through state and federal taxes, so fraud losses often translate into higher rates.
Examples of financial impacts:
- California’s unemployment fund became insolvent after pandemic claims, triggering an extra $21 per employee per year in federal UI taxes. California employers paid an extra $770 million (total $4.9 billion) in federal UI taxes in 2024, with another $1.2 billion expected for 2025.
- In Illinois, a $4.5 billion UI fund debt (mainly driven by fraud) had to be paid off by the state (with federal relief funds), but it still led to a one-time tax increase for businesses.
In short, fraudulent benefit payments can become your problem: States may try to recover overpayments by raising employer rates or levying assessments on your UI account.
There’s a trust and reputation cost, too. News of UI fraud can shake confidence if employees learn their data was stolen and misused, raising concerns about your cybersecurity posture.
Business owners should be alert for:
- Receiving state unemployment notices for current employees
- Claims for never-employed individuals
- Employees confused about sudden benefit payments
- Discrepancies in payroll reports vs. claims
These red flags signal the need for immediate internal review and system audit. Why leverage I.T. to combat UI fraud? Strong identity protection = fewer false claims. That’s because proactive managed services help secure payroll, HR, and employee records. Endpoint detection and MFA (multi-factor authentication) reduce the risk of data leaks And regular audits and backups limit damage if breaches occur.
This sets you up perfectly to keep your employees’ data (and other data) safe.
Best Practices for Protecting Employee Data
Strong data protection habits are critical. SMBs should adopt these best practices to keep their employees safe from breaches and other bad actors:
- Strict access controls
Adopt the “least privilege” principle, giving employees access only to the data they need for their jobs. For example, don’t let the marketing intern view the HR database.
- Encryption at all stages
Protect data both at rest and in transit. Encrypt HR databases, laptops, and backups so that stolen files can’t be read. Use Transport Layer Security (TLS) or encrypted file transfer when sending personal data. For wireless networks, always use modern WPA2/WPA3 security.
- Secure cloud systems
If you store HR or payroll data in the cloud (e.g., SaaS HR software or backup storage), ensure the provider is reputable and compliant. Turn on all available security features: MFA for cloud logins, strong encryption, and regular security reviews. Limit uploads/downloads of personal data to approved devices and locations. Even in the cloud, enforce the same strict access and encryption rules you use on-premises.
- Ongoing phishing education
Teach employees to spot scams, because phishing is the top way credentials get stolen. Even smart users can slip up: CISA found that in phishing tests, 84% of recipients clicked on malicious links or shared information. Regular awareness training and simulated phishing drills can reduce that risk. Remind staff never to open suspicious emails claiming to be from “the unemployment office” or anyone asking for confidential data.
With good training, you make it much harder for attackers to trick your team. And implementing these practices helps ensure the safety of your employees’ data.
Partnering with an Expert Managed Service Provider
Rather than trying to “fix” fraud after it happens, many SMBs now team up with MSPs to build robust defenses from the start. MSPs deliver enterprise-grade I.T. support that SMBs can afford. They operate on a predictable subscription model (avoiding surprise bills) and cover everything from helpdesk to cybersecurity.
MSPs bring ongoing security advantages:
- Around-the-clock monitoring
- Automatic patching
- Regular compliance updates
They’ll notice if your firewall software is outdated or a new phishing campaign is circulating, for example, and they can respond instantly. This 24/7 vigilance “minimizes downtime” and catches threats early.
Crucially, an MSP acts as your strategic, proactive I.T. partner.You get an I.T. department that elevates your threat readiness instead of scrambling only after fraud occurs. This means your team can focus on core business while the MSP runs drills, reviews logs, and keeps defenses updated.
Proactive Protection Is the Best Defense
Unemployment fraud is a complex, evolving threat, but SMBs don’t have to face it alone. You can build a formidable defense by combining innovative technology with strong leadership and partnerships. At Attentus Technologies, we help you do exactly that. Our proactive I.T. solutions include identity safeguards, multi-factor authentication, data encryption, and phishing prevention, and all backed by hands-on staff training to turn your team into your first line of defense. Through our vCIO service, you also gain strategic guidance to align cybersecurity with your business goals. We provide 24/7 monitoring of your technology environment, help you stay ahead of compliance risks, and make sure employee data is protected at every layer. One of our core values is to “Be the Answer,” and that means showing up with practical, tailored solutions before problems arise. That’s why our clients stay with us for over 10 years on average.
Want to learn how to protect your employees’ data and your company’s bottom line? Let’s talk.
Get in touch today to learn more.
