Data Security is a Human Resources Issue

WikiLeaks’ recent dump of confidential hacking tools that belonged to the CIA is a good reminder: disgruntled insiders can be devastating.

Can you tell whether any of these people are carrying a USB drive full of confidential data in their pocket?

Experts estimate that nearly 33% of the reported data breaches last year were done by or with the assistance of an inside employee or contractor. Further, data breaches involving insiders tend to be more costly, as insiders have access to the company’s most sensitive information.

Examples of inside jobs from recent history include the very public “hacks” of Sony and Ashley Madison. Edward Snowden was a CIA contractor and insider who, in 2013, exposed the NSA’s spying program by providing confidential information to WikiLeaks. A similar dump of the NSA’s confidential hacking tools last year is believed to have been perpetrated by an insider. Julian Assange claims to have evidence that the recent “hack” of the Democratic National Convention emails was an inside job, perpetrated by a member of the DNC. And now Reuters is reporting that US Officials believe the recent WikiLeaks dump of the CIA’s hacking tools in “Vault 7” was the work of an insider.

FTI Consulting recently polled 1,000 office workers in the United Kingdom and discovered that “34 per cent of millennials (aged 18 to 29) view data theft as a victimless crime compared with only 11 per cent of baby boomers (aged 55-plus)” and that “more than 72 per cent of millennials believe they are entitled to take data they have worked on compared with 41 per cent of baby boomers.” Shifting attitudes toward data ownership coupled with modern technology make data breaches increasingly likely. Even a technically unsophisticated employee can use a thumb drive, a personal email address, or a Dropbox account to abscond with valuable company secrets, and they are three times more likely to do it for revenge than for money. In the case of the Sony “hack,” investigators now believe the breach was perpetrated by a disgruntled employee as retaliation for being laid off.

Hollywood movies have warped our perception of reality when it comes to “hackers” and data security. Too often, we gloss over at the mention of computers, networks, and related technology, believing that all to be the province of the people without suntans who work in the IT department. If we fall into this line of thinking, we do ourselves a disservice. Engaged, fairly-compensated, and fairly-treated employees are less likely to steal data, and this is the province of HR. Human Resources professionals can help foster a corporate culture that values data security. Perhaps more importantly, HR can monitor employee engagement and “develop and maintain effective relationship[s] with every member of staff,” which should reduce the risk of insider data breaches. Disgruntled employees are known security risks. Thus, strong interpersonal skills are a must for effective HR managers.

If you would like to discuss practical policies and educational programs your HR department can implement to assist in the protection of your organization’s confidential information, we would be happy to assist you. Please feel free to call (470.839.9300) or email (beau@freedhoward.com).

Leave a Reply