November 26 Tip of the Week

“Cybersecurity Concerns”

An area of great concern for employers over the last several years is cybersecurity.  The media is replete with reports of ransomware attacks and other data security breaches that impact both the ability of employers to continue their operations and the safety and security of private information regarding employees, customers, and clients.  One of the primary responses to these threats by employers is to implement cybersecurity training programs for their employees; however, in many instances, these training efforts amount to “trying to teach an old dog new tricks” and often do not have the desired result.  Anyone who has spent time in an employee’s work emails will find numerous examples of the use of company electronic resources for personal reasons.  Most employee email folders contain emails from Amazon, Target, and other big retailers as well as spam emails waiting for the unsuspecting to click on the link that will open the employer’s system for all to access. 

Cybersecurity training can be expensive and time consuming and often does not have the intended effect.  Some employees, who can’t be bothered to carefully evaluate their email for threats, will spend time trying to find ways to beat the system and avoid completing the training.  While others who do complete the training have difficulty retaining the information they learned and continue to mindlessly click on the spam email hoping to win the promised prize offered.  Cybersecurity professionals are hard to find and data breaches can often result in expensive penalties and other costs for employers.  When a data breach occurs, some laws require employers and businesses to provide those individuals affected by the breach with a credit monitoring service to ensure that the information obtained from the breach is not used to negatively impact the affected individuals. This results in an added and ongoing cost of the breach.   

What can employers do to better protect themselves, their employees and customers from these types of cybersecurity attacks and threats?  As with most HR issues, draft and implement strong, clearly worded policies regarding the use of an employer’s electronic resources including email systems.  Train employees on cybersecurity.  Enforce the policies and the training requirements consistently and universally; do not allow employees to minimize the threat or think that it can’t happen to them or your business.  Finally, know the resources that are available.  For example, the Federal Trade Commission published a guide for businesses on how to respond to these breaches:  “Data Breach Response:  A Guide for Business,” which can be found here:  https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business.  The federal government has also established a website, “Cybersecurity and Infrastructure Security Agency,” that provides helpful information related to cybersecurity and data breach threats.  This website includes access to training materials, bulletins and news reports on the latest threats, and identifies the countries and sources of these threats. 

myHRcounsel can assist you  in developing policies and training materials to minimize the risk of data breaches.  myHRcounsel can also assist you when you experience a data breach or when employment issues arise related to these breaches.  Remember, however, that the best defense is a good offense and use these free resources to help you minimize your risk and ensure the safety of your electronic data and systems.