Employees: A Data Breach’s Hidden Victims
Headline-grabbing data breaches have raised awareness of the devastating impact data loss can have on the affected consumers and the breached company. Hopefully, stories like the SONY and Anthem breaches have inspired your company to step up its data breach preparedness and prevention efforts. But are you overlooking the third, hidden group of victims that suffer when data is lost or stolen? Data breaches adversely affect the employees of a breached company.
In fact, a 2014 study by Carbonite found that 62 percent of IT professionals had experienced data loss during their career, and that the breaches had negatively impacted the breached company’s employees in multiple ways, including loss of work-life balance, damaged office morale, increased management scrutiny, firings or layoffs, and voluntary separations.
Moreover, employee data may also be lost in the breach, exposing workers to the same risks consumers face in the wake of a data breach. In the Sony Pictures Entertainment breach, employees’ personal emails and intellectual property were exposed. And the recently discovered breach of data from the federal Office of Personnel Management possibly exposed personal information of millions of government employees and/or people who had applied for a government job, whether they had been hired or not.
When employee information is stolen, there’s an added layer of complexity. In addition to personal identifying information, these thefts may also expose the employee’s salary, benefit information or special credentials. While credit monitoring can help protect financial accounts for people caught up in a data breach, there’s currently no kind of monitoring available that can help protect this kind of specialized information. Once it’s exposed, a company can do nothing to protect the individual or his or her information. This is especially troubling for information such as access or special credentials. It’s conceivable that a person whose specialized information has been breached could become the victim of blackmail from the cyber criminals who perpetrated the breach, or those who sold the stolen information on the black market.
It’s important that your data breach response plan addresses the possibility of employee data theft, and outlines how your company will support and protect employees whose information is stolen. Your plan should also address the potential effect of a data breach on employees, even if their own information isn’t part of the leaked data. In the stress of a breach, it can be easy to overlook the people you’re counting on to keep the company going, but it’s vital to take steps to maintain employee morale and work-life balance as part of your recovery efforts.