Jan 3, 2018

The Equifax Data Breach Reinforces an Important Workplace Mindset about Security

According to cybersecurity experts and HR pros across a wide range of industries, the Equifax data breach that occurred early last year contains some critical lessons for employers everywhere. One stands out: employee cybersecurity training is an important aspect of company stability.

A host of factors could presumably have prevented the data breach at Equifax, and a stronger and quicker response from the company CEO could have mitigated the resulting PR fallout. But when traced back to its original source, the entire scandal and the exposure of millions of volumes of personal data can be linked to simple human error. And simple human error, while impossible to control completely, can be reduced dramatically with proper training.

Lesson for HR: Train Employees with Cybersecurity in Mind

While IT teams work to keep sensitive data restricted, encrypted, and isolated from other files, company directors should keep their attention focused well beyond the IT landscape. As it happens, data security isn’t just an IT issue. Training and security policies should be a part of daily life for board members, C-suite personnel, and every employee of the company all the way down to the newest entry-level hire. And while every member of the team will play a different role in the organization and will handle data in very different ways, there are three recommendations that should apply across the board:

  1. Employees should work every day to limit access to information to those who need it. This simple reminder should be worked into the fabric of the company culture.
  2. Multifactor authentication should also become part of everyday life in the workplace. When properly maintained, two-factor authentication (like passwords combined with fingerprint or face recognition) can prevent unauthorized data access. Just as important, it can provide a trail that reveals who accessed specific information and when. This can be applied to files as well as restricted areas of the building.
  3. Administrative passwords should be changed on a regular basis. At first, employees may resent the hassle of needing to change their passwords more often, but in the long run, this simple routine can add an inexpensive and meaningful layer of protection.

Establish training sessions early for new employees so they can quickly become familiar with company policies and processes. And keep in mind that it’s never too late to implement regular security training for existing employees who need a refresher course.

