The average cost of a data breach is currently clocking in at $3.62 million—an amount few companies can afford to lose. It’s not enough to have firewalls and various technologies to try and keep cyber criminals at bay, though. Your employees may unintentionally open your organization up to a data breach, whether through a Bring Your Own Device (BYOD) policy, falling for phishing scams, or storing files on a non-secure website.
So, what is your company doing to secure your employees’ Personally Identifiable Information (PII)?
New research from IdentityForce shows that HR and IT seem to be joining forces to combat identity theft-related issues. When it comes to who is leading the effort to protect the personally identifiable information of employees, approximately 65% of survey respondents selected HR and IT.
Typically, the role of security or securing data within the organization has fallen within IT’s camp, and the budget for this has been massive. In fact, Gartner indicates that worldwide spending on information security products and services will reach $86.4 billion this year, an increase of 7 percent over 2016, with spending expected to grow to $93 billion in 2018. However, even with all the security products and spending, vulnerabilities will always exist, and that’s why it’s important to have HR and IT collaborate on protecting employees’ PII.
- Why HR? They’re seen as the policy implementers and change-makers within organizations. HR usually handles employee benefits (like identity theft protection), the organization of sensitive files, and background checks, and it creates company-wide policies, like BYOD.
- Why IT? IT or Information Security (InfoSec) teams are viewed as being the experts when it comes to protecting company data and employees from within the four walls of the organization—but what happens when an employee ventures outside those four walls? That’s where IT’s interest expands into ensuring that all the work they’ve done at the corporate level isn’t easily compromised outside of the office; for example, if an employee clicks on a phishing email on a personal device used for business and suddenly exposes sensitive corporate information.
In summary, employee identity theft protection is not just one department’s job—everyone needs to work together because protecting sensitive data should be the entire company’s responsibility. HR and IT can combine forces to lead the charge, as they both provide essential skillsets, and ensure any strategies or policies are implemented company-wide. When you empower your employees and give them control of managing and protecting their personal data, they will feel personally responsible for helping to protect against identity theft and the compromise of sensitive company data.
Don’t forget that not all breaches are huge cyber attacks. Thieves may find your company’s vulnerability in the form of one naïve employee who clicks a link in a realistic-looking phishing email and accidentally downloads malware that infects the whole company. Therefore, having continuous training and education, run by both HR and IT, will help to get every single employee on board with cybersecurity and identity theft protection.
At the end of the day, your company stands a better chance of keeping criminals away and protecting employees’ personally identifiable information if everyone—from the CEO’s assistant, to the top sales rep, and the CTO—is on the same page.
Are you thinking about offering identity theft protection as an employee benefit? Download IdentityForce’s 2017 State of Progressive Employee Benefits: Survey Results from the HR Frontline. With more than 100 HR professionals surveyed, you’ll learn more about their expectations related to offering ID theft protection as an employee benefit and the general trends in building employee experience around progressive benefits.