When it comes to data breaches and leaks, companies tend to be aware of the damages they could inflict on their user base. But while unaffected companies analyze the situation to ensure they’re not next, they often overlook the damages already done through their employees.
Data Breaches Are on the Rise
The increase isn’t only limited to the frequency of reported incidents but also the volume of compromised data, records, and files. Because while the number of breaches dropped drastically between 2019 and 2020, the volume of records exposed more than doubled.
But in a world where data breaches and leaks are an everyday occurrence, it’s every company for itself. And since prevention is no longer a viable option, companies now focus on response and damage control. Still, the majority of efforts are directed towards a demographic of average consumers and their needs for privacy and security, not people who work at companies with confidential databases of their own.
The number one motivation for hackers is financial gain, but that doesn’t always reflect in the type of data they target in a breach, even if indirectly. Hackers that steal data to sell on the dark web rarely make much profit off of financial information, especially if they’re of prepaid payment cards.
This type of info doesn’t sell very well on the dark web because they rarely have sufficient funds. And banks and financial services providers tend to have strong security and identity verification requirements. Take, for example the latest incident of the 600,000 payment cards that were leaked on the dark web. They barely contained any funds, and each card averaged at under $50.
It’s personal information that could be used to inflict the most damage. Anything from a person’s full name, phone number, and email address to their social security number and personal information and files.
Payment cards are for hackers looking for a relatively safe and quick profit. Personal information is used by malicious individuals looking for bigger targets.
Consequences for Employees
All employees in any industry or company are consumers of another. Data breaches and leaks of said companies can affect your employees and business in multiple ways.
Increased Stress and Lowered Productivity
There’s no denying the emotional impact people face when they realize their privacy has been violated. And depending on the type of personal data that was included in the breach, their personal lives and relationship may have taken a hit, as well. All of which can bleed into their work environment, leading to lowered productivity and quality of work.
Compromised data and personal information take a lot of work to secure and change. Employees could be overworked visiting their bank to secure their account and work on replacing all old emails and passwords for their accounts that are nothing short of a ticking time bomb.
Cross-Contamination
The mental effects of a data breach are employee-centric but may affect their work. Still, there’s always the more direct threat of cross-contamination.
Depending on the type of breach one or more of your employees were included in, the type of data exposed differs. If cybersecurity and digital-distancing awareness isn’t prominent in your company, then having one employee’s information leaked could also jeopardize the security of your digital assets.
If they use the same email address, phone number, or even passwords in their personal accounts as work-related accounts, whoever gained access to their info and credentials can now infiltrate the company. The consequences could be even direr if they store work-related files on personal devices and cloud storage.
Easier Targets for Phishing Schemes
Phishing attacks rely primarily on how much the perpetrator knows about their target. So while phishing scams of winning an automatic lottery, a distant relative’s inheritance, or package delivery fees rarely work nowadays, highly personalized ones are harder to avoid. The attacker can include classified and sensitive information about their target such as their social security number, and date and place of birth to seem more legitimate.
A phishing attack motivated by a data breach isn’t likely to be after the person themselves. After all, they might know where the person works along with their position and hierarchy in the company. They could use one of your employees as a gateway to your company as a whole, similar to phishing schemes directly targeting businesses, but with a much higher success rate.
Solutions?
There isn’t much you can do when it comes to protecting other businesses from data breaches and leaks. But that doesn’t mean you can’t react properly and prepare for the possibility of being indirectly included in one.
Enforce Digital Distancing
Digital distancing in a work setting is the practice of limiting or eliminating the connection between employees’ personal and work devices and accounts. This approach can be harder to implement in smaller businesses that don’t have the budget to provide staff with work-issued devices, and businesses that rely heavily on remote workers who use their personal laptops and accounts to work on company projects—like using their email to sign in to a work-only platform.
Even if device separation isn’t included, you should still enforce account separation. Emphasize that every employee must have work-only accounts and strong passwords that never get used on personal accounts, along with enforcing a type of identity verification like 2FA or passwordless logins.
Encouraging Open Communication
No one believes they could ever fall for a phishing scheme, but they still happen. In addition to regular and intensive training on the latest phishing attacks, you shouldn’t leave employees alone when it comes to complex phishing attacks.
Promote open communication between your employees and the company’s IT and security departments. Encourage employees to contact them regarding any email or message they deem suspicious. You should also avoid blaming employees as a default. That way, if an employee does fall for a phishing attack, they immediately contact the IT department instead of panicking and working on covering up the problem themselves.
Offer Moral Support
When it comes to managing employees’ stress and the emotional impact they suffer after a data breach, the only thing you can provide is understanding and moral support. Also, the sooner they get their life back in order the sooner they’d be able to get back to working properly again.
Consider offering victims of data breaches and leaks the time off and flexible schedule they may need to meet with their bank and visit government offices to change and secure their personal information.
