When it comes to data breaches and leaks, companies are often aware of the damage they can do to their user base. But as unaffected companies analyze the situation to make sure they
Data breaches on the rise
The increase is not limited to the frequency of reported incidents; it also extends to the amount of compromised data, records and files. While the number of breaches dropped dramatically between 2019 and 2020, the number of exposed records more than doubled.
But in a world where data breaches and leaks are the order of the day, it’s every company for itself. And as prevention is no longer a viable option, companies are now focusing on response and harm reduction. Yet most efforts are focused on a demographic of average consumers and their needs for privacy and security, not people who work at companies with their own confidential databases.
The main motivation for hackers is financial gain, even if indirect, but that's not always reflected in the kind of data they target in a breach. Hackers who steal data to sell it on the dark web rarely make much money from financial information, especially when it comes to prepaid debit cards.
This kind of information doesn't sell very well on the dark web because the cards rarely hold enough money, and banks and financial services companies generally have strict security and identity verification requirements. Take, for example, the latest incident of the 600,000 payment cards that were leaked on the dark web. They barely contained any money, and each card averaged less than $50.
It is personal information that can be used to do the most harm: everything from a person's full name, phone number, and email address to their Social Security number and other personal information and files.
Payment cards are for hackers who want to make a relatively safe and quick profit. Personal information is used by malicious individuals looking for bigger targets.
Consequences for employees
All employees in one industry or company are consumers of another. Data breaches and leaks at those other companies can affect your employees and your company in several ways.
Increased stress and decreased productivity
There is no denying the emotional impact people feel when they realize their privacy has been violated. And depending on the type of personal data involved in the breach, their personal life and relationships may also have taken a hit. All of this can seep into their work environment, leading to reduced productivity and quality of work.
Compromised data and personal information take a lot of work to secure and change. Employees may be stretched thin visiting their bank to secure their accounts and working to replace all the old emails and passwords for their accounts, which are nothing short of a ticking time bomb.
The mental effects of a data breach fall on the employee, but can affect their work. Still, there is always the more immediate threat of cross-contamination.
Depending on the type of breach involving one or more of your employees, the type of data exposed differs. If cybersecurity and digital distancing awareness aren’t prominent in your business, leaking one employee’s information can also jeopardize the security of your digital assets.
If they use the same email address, phone number, or even passwords in their personal accounts as work-related accounts, whoever gained access to their information and credentials can now infiltrate the company. The consequences can be even worse if they store work-related files on personal devices and cloud storage.
Easier targets for phishing schemes
Phishing attacks mainly depend on how much the perpetrator knows about their target. So while generic phishing scams about lottery winnings, an inheritance from a distant relative or parcel delivery charges rarely work these days, highly personalized scams are harder to avoid. The attacker can include confidential, sensitive information about their target, such as their Social Security number and date and place of birth, to appear more legitimate.
A phishing attack motivated by a data breach is unlikely to target the individual. After all, the attacker may know where the person works along with their position in the company hierarchy. They can use one of your employees as a gateway to your company as a whole, similar to phishing schemes that target businesses directly, but with a much higher success rate.
There's not much you can do when it comes to protecting other companies from data breaches and leaks. But that doesn't mean you can't respond well and prepare for the possibility of being affected indirectly.
Enforce digital distance
Digital distancing in a work environment is the practice of limiting or eliminating the connection between employees' personal and business devices and accounts. This approach can be more difficult to implement in smaller companies that don't have the budget to provide staff with work-issued devices, and in those that rely heavily on remote workers who use their personal laptops and accounts to work on corporate projects, such as using their personal email to sign up with a work platform.
Even if device segregation isn't an option, you still need to enforce account segregation. Emphasize that every employee should have work-only accounts and strong passwords that are never used for personal accounts, and enforce some form of identity verification such as 2FA or passwordless logins.
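One way to check account segregation in practice, as an added example that is not part of the original article: the script below audits an export of work accounts for personal addresses, missing 2FA and addresses seen in a breach. The record fields, the `example.com` corporate domain and the sample data are all assumptions constructed for illustration.

```python
# Added example: audit a constructed account export for account-segregation gaps.
from dataclasses import dataclass

CORPORATE_DOMAINS = {"example.com"}  # assumption: the company's own mail domains


@dataclass
class Account:
    user: str
    login_email: str
    recovery_email: str
    mfa_enabled: bool


def domain(addr: str) -> str:
    """Return the lower-cased domain of an address ('' if malformed)."""
    local, sep, dom = addr.strip().lower().rpartition("@")
    return dom if sep and local else ""


def audit(accounts, breached_emails=frozenset()):
    """Map each user to a list of segregation findings (clean users omitted)."""
    breached = {e.strip().lower() for e in breached_emails}
    report = {}
    for acct in accounts:
        findings = []
        if domain(acct.login_email) not in CORPORATE_DOMAINS:
            findings.append("login uses non-corporate address")
        if domain(acct.recovery_email) not in CORPORATE_DOMAINS:
            findings.append("recovery address is personal")
        if not acct.mfa_enabled:
            findings.append("no 2FA")
        if {acct.login_email.lower(), acct.recovery_email.lower()} & breached:
            findings.append("address appears in a known breach")
        if findings:
            report[acct.user] = findings
    return report


# Constructed sample data, not from any real system.
SAMPLE = [
    Account("alice", "alice@example.com", "it-recovery@example.com", True),
    Account("bob", "bob.personal@mail.test", "bob.personal@mail.test", False),
    Account("carol", "carol@example.com", "carol77@mail.test", True),
]
BREACHED = {"Carol77@mail.test"}

if __name__ == "__main__":
    for user, findings in audit(SAMPLE, BREACHED).items():
        print(f"{user}: {'; '.join(findings)}")
```

A personal recovery address matters as much as a personal login: whoever controls it after a breach can reset the work account.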
Encourage open communication
No one believes they can ever fall for a phishing scheme, but it still happens. In addition to regular and intensive training on the latest phishing attacks, you should not leave employees to deal with complex phishing attacks on their own.
Promote open communication between your employees and the company's IT and security departments. Encourage employees to contact them about emails or messages they find suspicious. You should also avoid blaming employees by default. That way, if an employee does fall for a phishing attack, they will contact the IT department immediately instead of panicking and covering up the problem themselves.
Provide moral support
When it comes to coping with employee stress and the emotional impact they experience after a data breach, all you can offer is understanding and moral support. And the sooner they get their lives back in order, the sooner they can work properly again.
Consider giving victims of data breaches the free time and flexible scheduling they need to meet with their bank and visit government offices to modify and secure their personal information.