22 Nov Data breaches are a serious matter
A company’s information is the key to its operation. It follows from this that one of the highest
priorities on a CEO’s dashboard is security, both physical and technological.
We all know about the famous threats, the big deal hacks and data breaches that occur all of the
time, and which consistently target big names and companies. But the vast majority of data hacks
don’t result from targeted strikes, but from internal error.
Most of the time, this error is employee driven.
This means that employees are both the first and last line of defense against breaches, most of
which take the form of phishing scams and similar fishing-net-type traps, as well as Trojan horses
that like to hide in adware, which is malware in and of itself.
Employees should know how to spot suspicious activity and what to do if they accidentally click
on a link, hit a button or go to a website that may put employer data at risk.
States have passed a number of laws designed to force companies to keep an eye out for data
breaches, which may seem redundant but is par for the course.
These laws boil down to requiring disclosures when certain information gets compromised, such
as when PII gets released. In most states, personally identifiable information (PII) consists of a
first name or first initial combined with a last name and a:
Social Security number.
Driver's license number.
Bank account, credit card or other financial account number.
In the past few years, many states have added categories of protected PII, including medical
information and any account information in combination with a personal identification number
Philip Gordon, an attorney with Littler in Denver, recommended that employers take the
following steps to establish a culture of data-security awareness and compliance:
Conduct thorough pre-employment screening to avoid hiring individuals who pose a risk
to personal information.
Require employees to sign confidentiality agreements to reinforce the importance of
Provide periodic information-security training to new hires and current employees,
focusing on identifying phishing scams and protecting portable devices.
Limit access to personal information to those employees who need the information to
perform their job.
Develop information-security policies designed for line employees, not just IT.