Costing the global economy around $400 billion per year, cyber crime has become one of the most significant risks that an employer faces today. Information is a valuable commodity in the right hands, and hackers around the world are increasing their efforts every minute to obtain it. As technology develops, more organizations are using computers and online services to store files, process personal information, and make transactions. This increases the exposure of employee records, customer information, and intellectual property to theft, contributing to an alarming rise in cyber crime.
Employers Are at Serious Risk
Information is one of the most important assets that an organization can possess, sometimes more so than physical assets. Valuable intellectual property is the staple product of several industries. Technology companies store information on patents that they develop. Law firms spend a great deal of capital generating files full of legal information. Leaving information unsecured is as risky as leaving physical assets unlocked and unguarded.
There are also strict obligations for organizations to protect information. All employers must safeguard their employment records and protect the privacy of employees. Healthcare providers are required to protect their patients’ medical records. Merchants have a duty to secure any credit or payment information from cyber criminals. Failing to protect consumer information could result in severe penalties.
The federal Office of Personnel Management recently revealed that hackers obtained sensitive information on more than 21 million people through its computer network. It was predicted that the hackers stole personal information, including social security numbers, from these victims. Additionally, more than one million fingerprints were stolen during the breach. The victims of this type of violation now face the risk of criminal activities such as identity or welfare theft.
The Federal Trade Commission (FTC) has reported that more than 250,000 identity theft complaints were filed in 2013. These crimes include unauthorized use of credit card information, bank accounts, and personal data of employees. The FTC has filed actions against more than 50 businesses for failing to use proper security measures that protect the data of employees and customers.
What Employers Are Doing Wrong
The actions filed by the FTC can serve as an example that helps employers avoid repeating the past mistakes of others. The FTC has identified several points of weakness that may appear in an organization’s security and how they may be addressed:
Although cyber crime is a growing threat, employers should continue to protect physical records from theft or loss. Access must be restricted, transportation of documents limited, and storage containers securely locked by key or passcode.
Further Steps Employers Can Take
Many organizations are not aware that their insurers most likely do not cover cyber liability, but independent policies exist to cover such losses. These policies can also cover liability to third parties or legal penalties for certain breaches. Reports show that the greatest expense of cyber attacks, including minor ones, is the disruption to business operations. Loss of profits due to these disruptions can be mitigated with a proper insurance policy.
The average time for an organization to fully contain a breach is an astonishing 31 days. By implementing policies and procedures to react immediately to threats, this time can be greatly reduced and the costs of disrupted operations avoided. Many companies are making investments to speed up their procedures, including purchasing early detection software or hiring specialists to monitor and control networks.
A major defense against network breaches is the compartmentalization of sensitive information. Networks should have multiple firewalls to restrict access to the system and to specifically block extraction of data. Where employees or agents are given mobile access to data, the data should not only remain secure, but be strictly limited to what is necessary for that employee’s purpose. A recent case revealed that a company lost 20 million pieces of sensitive information to a thief who stole a laptop from an employee’s car.
Another study found that more than one-third of data leaks are caused by employee negligence. While thorough training is the most effective defense against these leaks, employers can identify where there may be weaknesses in their staff. One such method is to send employees fake “phishing” e-mails that are identical to actual malicious e-mails. Employers can identify who mistakenly opens these e-mails and retrain those employees to drastically reduce the chances of another such occurrence.
Ironically, a study has discovered that the companies that are safest from cyber attacks are those that have recently had a breach. This indicates that too many employers are using cybersecurity as a reactive measure rather than a preventative one. Employers can learn from these errors by taking necessary security steps before there is a breach, rather than waiting until it is too late.