Protecting Employees From Data Breaches

Most of us have read about large data breaches, like the recent Yahoo breach of 500 million accounts, reportedly the largest such incident in history. Businesses are ramping up security, training, response, and insurance tactics to respond to this ever-increasing threat.

Although this continues to be a significant area of focus, many businesses fail to realize that many of their employees have been “hacked” through these data breaches and are struggling to regain their identity, repair their credit, or repair their health records.

This scenario is becoming almost commonplace, causing presenteeism (coming to work despite illness, injury or anxiety but resulting in reduced productivity), missed work and undue stress.

Unfortunately, businesses need not only a strategy to protect the business itself but also a strategy to help employees impacted by breaches. A solid plan can actually become an employee benefit.

Recently, an employee of a local business experienced a cyber breach of his medical records, which resulted in over $500,000 in medical expenses being “charged” to his health insurance account. This created a record-clearing nightmare for this individual. He had to work to repair his medical records, have financial records changed and charges reversed, and consider credit monitoring.

To make matters worse, the insurance company was uncooperative and unresponsive. As you can imagine, this breach that impacted one individual has created significant effort, strife and poor feelings about a “benefit” being provided to him by his employer.

Employees can experience cyber breaches at home or work. These breaches can have a significant negative impact on both the employee and the company, regardless of the source.

Much has been written about the big breaches like Target and Yahoo, but many are impacted by all types and sizes of breaches. The likelihood of your business associates or you personally being “hacked” is growing every day.  

Most businesses would benefit from providing employees with training, tools, resources and insurance advice to reduce the impact on employees and, ultimately, their company.

Some basic computer protection is always in order. This applies to business, personal and mobile devices. IT professionals can assist with installing firewalls, anti-virus programs and security software. Updating software programs with upgrades provided regularly by software manufacturers is critical in keeping all programs up to date with security provisions. Regular backup of all devices is paramount.

Passwords are my personal nemesis. Making sure they are changed regularly, making them “strong and secure” and storing them in a safe and secure place are key security practices.

Many hackers use password-cracking software, and weak passwords are especially vulnerable.

Some basics password-creation tips:

  • Make them at least 10 characters in length, including at least one uppercase letter
  • Include one or two special characters, and include one to four numbers
  • Passwords should be changed regularly (at least annually) and should be different for most accounts

Most businesses develop training programs for staff. Many, however, do not provide effective training on business and personal computer security.

Protecting online accounts from phishing is an example of a tactic used to “trick” a user into providing information or clicking on a link that installs malware. Training programs that address the strategies hackers use, such as social media security, mobile devices and wireless networks, can prove invaluable for both business and personal users.

In addition to training, businesses can help employees by offering group discounts or access to credit monitoring/fraud prevention services.

Services such as Identity Guard, Lifelock and All Clear ID are just a few of the offerings that provide help monitoring credit reports, website surveillance and restoration of identity, finances and health information.

Individual insurance coverage can be added to or included in an employee’s personal insurance program such as a home-owner’s policy. This coverage is normally limited for items such as lost wages, costs associated with restoration and legal fees.

Businesses can and should be an advocate for their employees, and computer security is no exception. This area is particularly important for both the business and its employees. Training, services and insurance advice can be part of an overall strategy to reduce risk and create an additional employee benefit.

News-Leader:           Dealing With Insider Data Theft:    Seven Profiles Of Highly Risky Insiders:

« Non-Secure IoT Devices Are Powerful Weapons
WikiLeaks Wants A Database To Verify Twitter Users »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Continuity Shop

Continuity Shop

Continuity Shop provides training and consultancy in Business Continuity and Information Security to some of the world's biggest organisations.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

ID Agent

ID Agent

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

Hunter Strategy

Hunter Strategy

Hunter Strategy focuses on delivering solutions that are concise, scalable, and target our customer’s complex technical challenges.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

GuardDog.ai

GuardDog.ai

guardDog.ai has developed a cloud-based software service with a companion device that work together to simplify network security.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

Europol - European Cybercrime Centre (EC3)

Europol - European Cybercrime Centre (EC3)

The European Cybercrime Centre (EC3) was set up by Europol to strengthen the law enforcement response to cybercrime in the EU.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

DACTA Global

DACTA Global

DACTA was established with the aim of simplifying the perception of complexity surrounding digital security challenges and solutions.

Barquin Solutions

Barquin Solutions

Barquin Solutions is a full-service information technology consulting firm focused on supporting U.S. federal government agencies and their partners.