Protecting Employees From Data Breaches

Uploaded on 2017-02-15 in FREE TO VIEW, JOBS-Careers, NEWS-Cybersecurity News

Most of us have read about large data breaches, like the recent Yahoo breach of 500 million accounts, reportedly the largest such incident in history. Businesses are ramping up security, training, response, and insurance tactics to respond to this ever-increasing threat.

Although this continues to be a significant area of focus, many businesses fail to realize that many of their employees have been “hacked” through these data breaches and are struggling to regain their identity, repair their credit, or repair their health records.

This scenario is becoming almost commonplace, causing presenteeism (coming to work despite illness, injury or anxiety but resulting in reduced productivity), missed work and undue stress.

Unfortunately, businesses need not only a strategy to protect the business itself but also a strategy to help employees impacted by breaches. A solid plan can actually become an employee benefit.

Recently, an employee of a local business experienced a cyber breach of his medical records, which resulted in over $500,000 in medical expenses being “charged” to his health insurance account. This created a record-clearing nightmare for this individual. He had to work to repair his medical records, have financial records changed and charges reversed, and consider credit monitoring.

To make matters worse, the insurance company was uncooperative and unresponsive. As you can imagine, this breach that impacted one individual has created significant effort, strife and poor feelings about a “benefit” being provided to him by his employer.

Employees can experience cyber breaches at home or work. These breaches can have a significant negative impact on both the employee and the company, regardless of the source.

Much has been written about the big breaches like Target and Yahoo, but many are impacted by all types and sizes of breaches. The likelihood of your business associates or you personally being “hacked” is growing every day.  

Most businesses would benefit from providing employees with training, tools, resources and insurance advice to reduce the impact on employees and, ultimately, their company.

Some basic computer protection is always in order. This applies to business, personal and mobile devices. IT professionals can assist with installing firewalls, anti-virus programs and security software. Updating software programs with upgrades provided regularly by software manufacturers is critical in keeping all programs up to date with security provisions. Regular backup of all devices is paramount.

Passwords are my personal nemesis. Making sure they are changed regularly, making them “strong and secure” and storing them in a safe and secure place are key security practices.

Many hackers use password-cracking software, and weak passwords are especially vulnerable.

Some basics password-creation tips:

  • Make them at least 10 characters in length, including at least one uppercase letter
  • Include one or two special characters, and include one to four numbers
  • Passwords should be changed regularly (at least annually) and should be different for most accounts

Most businesses develop training programs for staff. Many, however, do not provide effective training on business and personal computer security.

Protecting online accounts from phishing is an example of a tactic used to “trick” a user into providing information or clicking on a link that installs malware. Training programs that address the strategies hackers use, such as social media security, mobile devices and wireless networks, can prove invaluable for both business and personal users.

In addition to training, businesses can help employees by offering group discounts or access to credit monitoring/fraud prevention services.

Services such as Identity Guard, Lifelock and All Clear ID are just a few of the offerings that provide help monitoring credit reports, website surveillance and restoration of identity, finances and health information.

Individual insurance coverage can be added to or included in an employee’s personal insurance program such as a home-owner’s policy. This coverage is normally limited for items such as lost wages, costs associated with restoration and legal fees.

Businesses can and should be an advocate for their employees, and computer security is no exception. This area is particularly important for both the business and its employees. Training, services and insurance advice can be part of an overall strategy to reduce risk and create an additional employee benefit.

News-Leader:           Dealing With Insider Data Theft:    Seven Profiles Of Highly Risky Insiders:

« Non-Secure IoT Devices Are Powerful Weapons
WikiLeaks Wants A Database To Verify Twitter Users »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

Akin Gump Strauss Hauer & Feld

Akin Gump Strauss Hauer & Feld

Akin is a leading global law firm providing innovative legal services and business solutions to individuals and institutions. Practice areas include Cybersecurity, Privacy and Data Protection.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

ARC Advisory Group

ARC Advisory Group

ARC is a leading technology research and advisory firm with expertise in both information technologies (IT) and operational technologies (OT)

NNIT

NNIT

NNIT​ is one of Denmark’s leading consultancies in IT development, implementation and operations, including cyber security.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

Cyber Wales

Cyber Wales

Cyber Wales provides a focus and forum for everyone in the industry, helping businesses come together and collaborate both within Wales and internationally.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

Toka Group

Toka Group

Toka empowers government agencies with critical and previously out-of-reach digital forensics, force protection and Intelligence capabilities, tackling the fields' most pressing challenges.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.

Sectricity

Sectricity

As independent ethical hackers, Sectricity go beyond traditional security, uncovering every vulnerability - testing both systems and employees to eliminate weak spots.