If you’re like most business owners, your strategy to protect business data focuses on cybersecurity and hacker protection. That’s a smart move, but you may be overlooking a major risk: your employees.
Research by CEB Inc., a technology company, suggests that employee errors account for nearly 60 percent of privacy failures.
Your best business defense: A well-trained team
A data security plan may look great on paper, but it’s only as strong as the employees who implement it. A well-trained team is the best defense against identity theft and data breaches. To help reduce your security vulnerabilities, the safety experts at the Insurance Services Office (ISO) recommend the following tips.
- Check references or do background checks before hiring employees who will have access to sensitive data.
- Ask every new employee to sign an agreement to follow the company confidentiality and security standards for handling sensitive data.
- Regularly remind employees of company policy—and any legal requirements—to keep customer information secure and confidential.
- Limit access to personally identifiable information. Know which employees have access to consumers’ sensitive personally identifiable information. Pay particular attention to data like Social Security numbers and account numbers.
- Set up a regular schedule of employee training. Periodic training emphasizes the importance placed on data security practices. Make sure training includes employees at satellite offices, temporary help and seasonal workers.
- Teach employees about the dangers of spear phishing. Spear phishing is an e-mail or electronic communication scam targeted toward a specific individual, organization or business. It may be an attempt to steal data or to install malware on a targeted user’s computer. These emails may appear to be legitimate and come from someone inside or outside of the company, generally someone in a position of authority.
- Warn employees about phone phishing. Train them to be suspicious of unknown callers claiming to need account numbers to process an order or asking for customer or employee contact information.
- Update employees as new risks and vulnerabilities are uncovered. Tell them how to report suspicious activity and publicly reward employees who alert you to vulnerabilities.
It’s also a good idea to have a procedure in place for making sure that workers who leave the company or transfer to another part of the company no longer have access to sensitive information. Terminate their passwords and collect keys and identification cards as part of the checkout routine.
For more information about computer security tips, tutorials and quizzes for employees, go to staysafeonline.org.
To help businesses respond if a breach occurs, ERIE offers Data Breach Response Expenses coverage. It may be purchased and added to a business insurance policy. It offers crisis resolution support and can help cover your expenses when you have to notify affected individuals of a breach. ERIE’s coverage is provided in partnership with Identity Theft 911, a provider of data risk management solutions. Contact a local ERIE agent for more information.