High-tech companies like Sony, Target, and Yahoo—along with the U.S. government—have been victims of data breaches. If these companies, with the best resources at their disposal, can be compromised, what hope do average small-to-mid-size businesses have to protect their data? And how can HR departments help keep employee data safe?
Most small to medium sized businesses haven’t had to think about network security, much less a breach of security, but times have changed, and keeping employee data safe is another responsibility of the HR department. However, there is an answer. HR and IT working together can keep employee data safe, but also understand and face the cyber threats in the workplace together
Keeping Employee Data Safe: Key Threats and Trends
In the past year, 50 percent of all businesses experienced a ransomware attack. Employee information, followed by financial data and then customer information was most at risk, with hackers denying users access to the data until they paid a fee. Even more alarming, 48 percent of the businesses attacked believe an opportunistic hacker—not an organization of professional cyber criminals—committed the crime.
It seems employees are making it easy for hackers, too. According to the 2016 Verizon Data Breach Investigations report, 63 percent of data breaches occurred as a result of “weak, default, or stolen password.” Other mistakes:
- Confidential information sent to the wrong person
- Company data disposed of improperly
- Lost or stolen devices storing sensitive company data
- Misconfigured IT systems
How to Protect Employee Data
Even if the IT department sets up the necessary firewalls to help ensure cybersecurity in the workplace many breaches occur because of phishing or password theft. The HR department should work with IT to provide employee training to help keep data safe, monitor employee activity to minimize risk, and track threats and trends through predictive analytics.
Here are a few steps the HR department and IT staff can take to promote cybersecurity in the workplace.
1. Educate employees on password best practices. A strong password is the best line of defense against cyberattacks. Install or recommend password management software, which can make it easier for employees to set strong, unique passwords for their programs and applications.
2. Prohibit Wi-Fi use on unsecured networks. With the prevalence of telecommuting in the workplace, many employees work from coffee houses and other public places. Employees traveling for business may tap into unsecured hotel Wi-Fi networks. Prohibit this practice, and consider equipping employees who travel frequently with secured mobile hotspot devices they can use, instead. In addition, employees should never leave their devices unattended in public places; hackers can equip devices with software that can log keystrokes and steal passwords.
3. Deploy software that wipes lost or stolen mobile devices. Losing a smartphone, tablet, or laptop is not a crime—it can happen to anyone. Employees should know they must report lost or stolen devices immediately. All devices, including BYOD, should be equipped with software that remotely wipes data as soon as a device is reported stolen.
4. Employ the latest in predictive analytics. Network monitoring helps identify breaches. Unfortunately, most technology today only spots attacks after they occur. By the time an attacker breaches a firewall, it takes just minutes to install ransomware or steal data, so alerts can help minimize damage, but not prevent it completely. Thanks to advances in machine learning, however, new techniques can recognize anomalies in network traffic to detect a threat as it occurs. This technology is still in its early stages, but experts say cybersecurity will rely on predictive analytics in the near future.
IT and HR: Working Together Toward Cybersecurity in the Workplace
Good cybersecurity consists of having the right technology and training employees to keep the data on their devices secure. When IT and HR work together, organizations of any size can minimize the chances of a data breach.
This article was first published on FOW Media.