How valuable are your Employees?
62% of business users report that they have access to company data that they probably shouldn’t see. Is this true for your company? And if so, what is that data?
Employee Data
Recent high-profile cyber breaches and strict data protection rules, such as the introduction of the General Data Protection Regulation (GDPR) in Europe, have caused many companies to sit up and begin to assess their internal security procedures and the data they hold. The focus has primarily been on customer data and the risk associated with a breach of customer data, which of course is very important for a business and largely applies in the B2C world. One area that seems to be overlooked, however, is protecting the data belonging to your employees.
In the words of Richard Branson, “Clients do not come first. Employees come first. If you take care of your employees, they will take care of the clients”. Employers all over the world store and process sensitive data belonging to their employees on a daily basis for HR, Finance and Payroll functions. Data such as names, addresses, email addresses, dates of birth, phone numbers, bank account details, tax identification numbers, medical records and other personal data are held in every company worldwide. This data is becoming increasingly valuable on the dark web.
When preparing for GDPR and carrying out internal audits on the customer data held, companies must also factor in the valuable data belonging to employees. Include the internal processes for storing, managing and protecting employee data and, most importantly, establish who in the organization has access to employee data and why.
Payroll Management
These principles apply to companies that outsource their payroll function and to those that manage it in house; it is this function of the business that primarily holds critically important sensitive data belonging to employees. If outsourcing, it is the responsibility of the organization to vet the payroll vendor/supplier and to ensure that the vendor has the correct measures and controls in place to protect employee data from a breach.
Insider Threats
When discussing employees and sensitive data, we must also look at the very real risk of insider threats, both malicious and unintentional. One of the largest threats to an organization when it comes to cyber-crime and security breaches is the employees themselves. One study by Gartner says:
- 62% of breaches involved employees looking to establish a second stream of income from their employers’ sensitive data
- 29% stole information on the way out the door to help future endeavors
- 9% were saboteurs