According to the Identity Theft Resource Center (ITRC), there were 781 U.S. data breaches last year, and the risk is predicted to grow exponentially. Data privacy is one of the biggest threats facing businesses this year and in years to come.
Breaches over the past few years at companies like Sony, Target, Home Depot, and Anthem have grabbed headlines and exposed the personal details of millions of people—not to mention personal correspondence and backroom gossip. Incidents like these don’t just trigger a PR nightmare that can sink sales and injure a brand’s reputation; there are human consequences faced by the people involved: Customers, partners, and especially employees.
In the wake of any data breach, you’ll find stress and damage to employee morale—a drop in productivity, as well as speculation, blame, and anxiety about potential career ramifications for anyone involved. There are also hard internal costs: After the breach at Sony, for example, the company paid $8 million in damages to its employees for identity theft, compromised personal information, as well as the resulting legal fees.
Protecting big data, privacy, and your staff means keeping information secure and taking a measured response if an incident occurs.
The Stress of Keeping Big Data Secure
There are different types of data breaches. As listed by the ITRC, hacking topped the list—followed by “Employee Error/Negligence” and “Accidental Email/Internet Exposure.” Security breaches can be malicious, but they often aren’t; exposure can come from something as simple as trying to fix a broken hard drive, like the situation that could have exposed the personal records of 70 million veterans in 2008.
The responsibility to keep data safe isn’t one people take lightly, but it can be intense—and that, perhaps ironically, is when the risk of a breach can go up.
One survey found that “burdensome, complex, and ambiguous information security requirements” can put a lot of pressure on employees, which makes them more likely to violate established information security policies. Other studies have found that people often use “neutralization techniques,” downplaying or ignoring certain values, as a means of justifying policy violations.
Here are steps you can take to help minimize the risk and the related stress on your employees.
Keep Data Secure but Accessible
The first step to preventing a security breach is to tighten high-level security: Identify data that needs to be kept secure and who needs to have access. Leveraging big data to get an advantage over competitors is essential for business strategy, but limiting access helps reduce the possibility of human error.
You must carefully maintain any customer data for business purposes as well as customer safety: Credit card data, purchase histories, personal information, and records of customer interactions can all present opportunities for data breaches.
Whether you store it locally or in the cloud, confidential data should only be available to the professionals who know how to use it. These layers of security can present more issues for IT, but limiting access to an as-needed basis is a critical first step.
Also, never use the same access IDs and passwords for local logins that you use for the cloud.
Educate Employees to Reduce the Risk of Accidents
Employees need training and information to help them make smart data-related decisions with confidence—and to understand when to ask for help.
- Give employees a robust framework to make decisions about data and information. Make it easy for them to comprehend how they can stay compliant and how to identify when they need to escalate a situation.
- Provide them with the training they need to understand not just what’s appropriate, but also how they can apply any related skills to their day-to-day work.
- If employees are accessing sensitive information on unsecured devices, review your company’s “bring your own device” (BYOD) policies. Put safeguards in place that leave no margin for error, not just in securing data and access routes but also in giving staff clear expectations.
Engage Employees and Establish Good Habits
As Lucy L. M. Phillips, a consultant with FTI Consulting in London, wrote: “Creating a culture where employees respect data and are motivated to protect the business is critical to cyber security.”
Turning safety procedures into habits can lead to a self-perpetuating cycle of compliance; security considerations become ingrained in employees’ daily processes. Setting a standard operating procedure isn’t enough; to be really engaged in data security, employees need to know not just what to do but how to do it properly and why it matters.
In Case of a Potential Breach, Keep Everyone on the Same Page
Chief privacy officers (CPOs) and business owners need to ensure both the security of their information and the safety and sanity of their employees. Safe practices will help both.
- Have a response strategy and communication plan in place before a situation comes up.
- Create an incident response team—including IT, HR, and legal—which will be the first involved if a situation occurs. Their role is to manage the process and make sure to notify anyone who might have been affected.
- Communicate as much as possible without speculating. “Everyone inside the business (and often a lot of people outside) wants to know what’s happening, almost always before there is an accurate understanding of the incident, its impact, and its root cause,” wrote John Parkinson, an affiliate partner at Waterstone Management Group in Chicago. It’s too easy for misinformation and confusion to spread.
Thorough safety protocols, software, and gates are essential, but you need to remember to account for the human element in any data security planning. Give employees the training they need, make data security part of your culture, and make sure your team understands why follow-through is critical to keep your corporate—and their own—information safe.