By now, it’s safe to assume that everyone’s Personally Identifiable Information (PII) has been compromised in some way. The digital nature of our world has made us more connected, efficient, and productive than ever before. However, with these conveniences come risks – and those risks extend beyond the four walls of the office.
We are living in an era where everyone is “always on,” meaning that no matter where we go, we are transmitting data over the internet. This Internet of Things (IoT) has and continues to shape our lives at work, at home, and on-the-go.
By 2020, it’s projected that there will be more than 30 billion IoT devices. Every one of these data-sharing devices can be a susceptible to a cyberattack, exposing sensitive personal, company, or customer information. On the flipside, poorly-secured IoT devices can be used against organizations – ambushing company servers by the thousands in a Distributed Denial of Service (DDoS) attack.
With the ongoing explosion of IoT devices and “business as usual” with Bring Your Own Devices (BYOD), cybersecurity professionals’ jobs aren’t getting any easier. We’re all well-aware that cyberthreats have grown exponentially. In fact, according to the 2018 AT&T Cybersecurity Report, 80 percent of surveyed organizations experienced a successful cyberattack or breach over the past 12 months.
The cybersecurity tipping point
Protecting data is more critical than ever. Successful cyberattacks are happening to organizations of all sizes, in all industries. And, now there’s added pressure on Information Technology (IT), Information Security (InfoSec), and Human Resources (HR) leaders.
Much of this pressure has stemmed from recent, massive data breaches. Gemalto reported that there were 88 percent more records stolen in 2017 than 2016. So, yes, our data is out there – and chances are it’s deep within the dark web being bought and sold by hackers around the globe.
Therefore, it only makes sense that the number one consequence of data breaches is identity theft. In fact, the motive of identity theft drove nearly 70 percent of all data breaches in 2017 (as reported by Gemalto). That is a 73 percent increase from 2016. It’s no surprise that businesses make prime targets for identity thieves. They are ripe with employee data like Social Security numbers, bank account information, W-2 details, and many other pieces of PII.
An attack from every angle
Identity theft is clearly a serious and growing problem. Many people still believe it’s a crime that impacts only the actual victim. That couldn’t be further from the truth. While it is a deeply personal violation that can be emotionally and financially devastating, the effects also negatively impact the victim’s family, friends, and employer.
It’s essential to recognize that there is no longer anonymity around personal information being compromised. In fact, chances are that since the crime is so prevalent, many victims are the people who you work alongside daily. Employees are bringing their own devices to work, connecting their personal web usage to their professional, and making data more-readily accessible to hackers. It could be that their PII is exposed from a cyberattack or perhaps even confidential company information about other employees, customers, or partners. Regardless, it should be a top priority for IT, InfoSec, and HR teams to keep employees protected both inside and outside of work.
Now I’d like to explain some of the reasons why, and some of the ways how…
The impact of identity theft on businesses
As much as we can try to separate the two, our personal well-being has a direct impact on our professional lives. If an employee is an identity theft victim, the employer can expect considerable consequences, such as lost productivity. I know that it can take anywhere from dozens to hundreds of hours away from the office to restore a good name. Due to the stress and worry, even when these employees are present at work, productivity will be lacking.
This will have a negative impact on not just your organizations’ profitability, but also your employee morale. The victim’s colleagues will have to pick up his/her slack due to absenteeism, adding to their stress levels. And, if the case of identity theft was a result of your organization being breached, employee loyalty can take a hit. In some cases, it can even cause unexpected turnover.
Bridging the business and personal security gap
Now is the time for IT and InfoSec teams to elevate their voice within their organizations and mobilize the entire C-suite to get further invested in a culture of security both inside and outside of work.
One way to do this is by implementing mandatory trainings for new hires, and refresher trainings for tenured employees. People are busy. They often forget how they’re putting themselves and others at risk by not taking simple precautions like regularly changing passwords, shredding sensitive documents, not over-sharing on social media, or reporting (and not clicking on!) suspicious emails.
Another way is to proactively offer identity theft protection as an employee benefit. This empowers your workforce to take control of their PII and get real-time, on-the-go alerts if any suspicious activity occurs. Not only does identity theft protection provide your employees with peace of mind, it can dramatically minimize the negative effects. And, with fully-managed restoration if an identity is compromised, there will be little to no impact on your business.
Lastly, I’ve found that occasional security email reminders that pique peoples’ interest about the latest statistics, scams, and ways to stay protected, go a long way toward rallying engagement. When we’re aware of the threats facing us at work and at home, we are all more likely to be vigilant and take the steps necessary to stay protected.
Since the cyberthreats facing us all extend beyond the four walls of the workplace, so should our cybersecurity efforts.