In yesterday’s Advisor, guest columnist Matt Cullina, CEO of IDT911, presented the importance of preparing employees for cyber incidents such as identity theft. Today Cullina addresses another important aspect of training for these security challenges—when you protect employees, you protect the business.
Protect Your Employees While Protecting the Business
Employees also pose potential security challenges, so continuous training is important to protect a company’s own data and that of its customers. Companies should consider implementing educational sessions about new scams and privacy and security refreshers as part of their annual compliance training. By partnering with employees to help protect their data, the organization can maximize its technology investment and ensure everyone is devoted to the company’s culture of security.
Social engineering schemes are popular among hackers, effectively turning the workforce into either an employer’s first line of defense or its greatest weakness. The most recent spoof comes courtesy of a company’s top executive—or so the scammer wants you to think.
An employee will receive a request from the CEO—either by way of a hacked e-mail account or an e-mail address that closely resembles the real thing—to cough up documents, usually W-2s. With a few clicks, countless data about a company’s employees are exposed. Rather than reacting quickly, employees should be trained to follow a simple rule: if you see something, say something.
Do Your Part to Protect Employees’ Data
Employers house valuable personal information for current, former, and sometimes potential employees. Given the risks individuals face if their data are exposed, employers should afford their highest level of protection to workers’ personally identifiable information. This includes not only names, birth dates, and Social Security numbers but also home and e-mail addresses, educational histories, information on benefits coverage, employees’ dependents, and insurance beneficiaries.
With the move toward broader use of vendor-provided cloud services, employers are putting a greater focus on ensuring that third parties are treating employee data with the appropriate level of care. Review the security practices of every vendor responsible for handling workers’ information, from payroll processors to third-party benefits administrators.
Ensure that encryption and similar protective measures are in use where necessary and that vendors provide their own employees with training on security best practices. In addition, employers will want to confirm that every vendor touching employees’ data has a robust breach response plan in place if an exposure occurs.
Additional Support Solutions Are Available
“Employers are already trying to help their employees have the right frame of mind when they come to work,” Ray says, pointing to resources such as employee assistance programs and wellness plans. As a complement to those services, employers may also consider offering access to identity theft protection as part of the organization’s benefits package.
These solutions often include tools to minimize employees’ cyber risks along with educational materials demonstrating how to protect their identities and safeguard their data. Some identity management offerings also provide access to fraud and theft resolution experts who can support employees if their identity is stolen or their personal data compromised. Together these strategies create a mix of proactive and reactive tools to help keep employees’ stress down and their job performance up.