May 25 — Corporate cultures that don't prioritize employee training, company image or customer service could be open to greater risk of a data breach, according to new research from Willis Towers Watson.
The human element is a great risk factor in data security breaches, and often the corporate culture that surrounds employees influences their commitment to protecting the company's data and security, Adeola Adele, employment practices liability product and cyber-thought-leader of Willis Towers Watson’s FINEX North America practice, told Bloomberg BNA May 23.
It's important to understand the human element in order to start addressing the risk of a cyber breach more effectively, Adele said.
Willis Towers Watson studied reports of actual breach events and the corresponding surveys employees had completed at or before the time of the breach event, Patrick Kulesa, global research director of Willis Towers Watson’s Research and Innovation Center, told Bloomberg BNA May 23. The advisory firm analyzed employee survey results from more than 450,000 employees at 12 organizations.
This research revealed common places where employees are struggling to follow protocols and practices regarding information and data security, Kulesa said. Specifically, workers in companies that had a data breach had less favorable views of training, especially for new employees; they also indicated a widespread lack of customer focus at the employer.
Adele and Kulesa recommended employers adopt a number of prevention strategies:
According to Roland Hung, an associate in the litigation group for McCarthy Tetrault in Calgary, Canada, many employers may not be able to avoid a breach entirely, but there are steps they can take to limit the extent of the damage. Organizations should only collect or retain enough information or data needed to reasonably address a project or task, Hung told Bloomberg BNA.
Additionally, if an employer uses a third-party vendor for data collection and storage, there should be a contract in place that requires the vendor to notify the organization of a breach or a suspected breach, he said. Companies also should make sure that their data retention and destruction policies comply with federal regulations, Hung added.
While in many instances data breaches result from simple employee error, employers too often discount threats from workers seeking to deliberately cause a cyber breach, Edward McAndrew, a partner at Ballard Spahr LLP and a former federal cybercrime prosecutor, told Bloomberg BNA May 24.
Employers need to have comprehensive monitoring of Internet network behavior of their employees, McAndrew said.
Anomalies have to be spotted in real time, he said. “It’s not enough to just have a stronger firewall, and it’s not enough to train employees and hope for the best,” McAndrew added.
At first notice of a malicious breach from within the company, an investigation should begin without tipping off the suspected employee, he said. This can be done through mirror imaging of the employee's workstation at night and monitoring the employee’s online and physical activities, McAndrew said. He also recommended employers seek help from local law enforcement.
If all of this is done effectively, there’s a great potential to mitigate the harm, fully understand and recover from the breach, and properly take action against the employee, he said.
To contact the reporter on this story: Genevieve Douglas in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Tony Harris in Washington at email@example.com
The report from Willis Towers Watson is available at https://www.willistowerswatson.com/en/insights/2016/05/inside-threat-why-employee-behavior-and-opinions-impact-cyber-risk.