While we here at Secure Thoughts have done our absolute best to inform you of the dangers lurking about online, a fact that we would like to emphasize is that corporate security still matters. Companies and large organizations are a major target for attacks, and by simply reading the news you’ll hear about a major attack every other week.
Companies are a treasure trove of information for cybercriminals who hope to net a huge profit from selling the collected information of thousands of customers and/or employees. Considering how selling the information can net them millions, hackers or hacker collectives would be more than willing to spend a few months planning an attack on your company.
The risk is there and the profit potential is clear for these cybercriminals. Credit card information and sensitive account information are used to commit identity theft and fraud, and your online freedom could be put at risk by someone trying to use your information against you.
The fact of the matter is that if your company is the victim of a data breach you can’t consider yourself safe, even if the company is contractually or legally responsible for the protection of your personal data and that of customers. If you can’t rely on your organization, you need to take matters into your own hands and prepare yourself.
Here are the questions you need to ask yourself and the facts you need to think about:
Think About What Your Employer Has
For the perfect example of what could happen if your workplace were to become the victim of a data breach, you should take a look at the Office of Personnel Management attacks that occurred last year, affecting millions. The ramifications are likely still developing as you read this.
Your online freedom and personal privacy could be affected for years as the data taken from your place of work gets sold and transferred across the net. While some data is more time-sensitive, your address could very well still be relevant in a data set used for identity theft years down the road.
Here are some of the types of information stolen from the OPM hacks:
- Job and pay history
- Health and life insurance information
- Military records (if applicable)
- Fingerprint copies and information
- Social Security numbers
- Other data on age, gender, race, etc.
Think about what your workplace has on you at the moment. They obviously have to have a good deal of information on you for tax purposes, but what other HR information might they have on you? Are they keeping it safe, or is it kept in a poorly encrypted (or unencrypted) Excel spreadsheet in the cloud? Take notes and start thinking about what you can do.
People, Not Technology
One of the open secrets in the IT security world is that most data breaches and other data leaks are caused in large part by human error and not by a failure in the technological security measures put in place.
This means that at a fundamental level the security of your personal information that your workplace has is determined more by your coworkers and company policies than by your IT department (try as hard as they might). The best technology means nothing if it is not in the proper hands. Improper handling is what will likely lead to the hostage-taking of your personal information at your office.
While this might be more of a human resources issue than something you can handle on your own, your sharp eyes can make the difference between an unintentional catastrophic data leak and a learning experience. At the very least you might be able to catch a leak of your own data before it occurs, such as a co-worker sending out your contact information in an unprotected email.
Your Reputation Is Linked
Something else that you need to consider when trying to manage your information and how it’s being kept at your workplace is your own professional reputation. Do you want to attach your name to a company that made the news for a recent data breach? If you explain that you had nothing to do with the data breach in the first place, you can probably gloss over it, but do you really want to start from that weaker position?
If you are the cause of the data breach in any way, however, you will put your career in serious danger. You will effectively be a bad omen and passed over for other candidates when it comes time for you to pursue other career options.
The ramifications that identity theft can have on your credit score can similarly cause problems down the line. Even if the problem is solved, a long-term issue can severely impact your freedom of movement and life plans.
What Do You Need to Share?
If your employer needs some of your information to pay you, then you obviously need to share that information. Your SSN and your address will be needed and there’s little you can do about that. Simply based off of that information it is likely that a data breach could cause you to become the victim of identity theft no matter what you try to withhold.
That being said, you do not, under any circumstances, need to share your personal accounts or online resources with your organization. If damage must be inflicted, minimizing it is the key.
Your family’s information should also remain safe in their hands. While there may be a few things about your spouse that your company needs to know, other contact information should be kept to a minimum, even with the best of intentions on the part of your company. This is one instance you need to err on the side of caution.
To separate these areas of your life, try to have a professional email address that you use in communication with managers and others in the event your workplace doesn’t provide you with one. Using your personal address can only make things worse for you should a data breach occur. You don’t need a crisis at work and at home happening all at once.
Your hardware should remain off limits as well. While the bring your own device movement seemed like a good idea at the time, we’ve only seen security issues being brought in from the outside world into the workplace (and vice versa). You are probably more likely to have viruses on your computer than on a workplace computer based on viewing habits, and you likely use a lot more accounts than you do at the workplace.
So What Should You Suggest to Your Manager?
You can’t control everything. Even if you are a decision maker, you can’t micromanage to such a degree as to keep everyone safe. Even in the off chance that you work in IT security, there will always be hidden dangers that could be hard to find and could cause a data breach.
That being said, it is quite possible that certain procedures and policies have not been created because they haven’t been thought of yet or need someone to push for them. You can be that person.
Here are some actionable items that you could suggest to your manager or board (or just act on yourself, if possible) to lower the risk of a data breach and thereby protect yourself:
- Make sure that there is a clear line between the workplace and the home when it comes to technology. Checking work emails at home under safe conditions is one thing, but bringing home employee records or other sensitive project information is another story.
- Remote workers should be well-equipped to have their information protected. Certain industries such as health care need to have devices and programs be compliant with guidelines in order to legally work with customer information. Whether this is the case should be double checked.
- Some employers offer identity theft protection services as a benefit or standard practice of work. While having a situation reach this point would not be ideal, you and your co-workers would be thankful for it if a data breach occurred.
- Have clear policies and procedures put in place to protect information. How are people supposed to work in the best interests of both themselves and others if there are miscommunications as to what’s to be done?
- See if training programs or professionals are available for anyone who simply doesn’t feel comfortable with cybersecurity. Such training tools should be mandatory for anyone who is new and should be done at least every six months. IT security is simply too volatile of a topic to be left alone for more than that time.
- Make sure physical records and information are kept similarly safe. An untrustworthy or disgruntled employee could easily cause some difficulties or damage should they decide to snoop around the office. Files and paperwork should be locked away in filing cabinets or safes, and there should be clear guidelines to make sure that there are no passwords or user names written on sticky notes around the office (you’ve seen them) unless those accounts are to be treated as public.
- As a general rule you should say something or make a note of it when you see a potential vulnerability. Just try to not only fix the problem but notice and refine the pattern that led to the vulnerability in the first place. Try to fix leaks instead of cleaning up messes.
Your workplace shouldn’t be a place where you worry about your information in any capacity. If you can remove as many online dangers as possible, you can work towards making sure that you and others perform your best work without fear for your security running through the back of your mind.
Are there any other concerns about the workplace you have regarding the protection of your personal information? Are there any methods not listed above that your workplace uses to protect employee and customer information? Any other comments you would like to make? If so, please leave a comment below and tell us what you think.
If you found this article useful, then please make sure to share this information with your co-workers and loved ones so that they can better prepare themselves as well.