Not a Member? Get access to HR news and resources that you can trust.
HR professionals share their advice for minimizing worker stress and boosting retention.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Virtual SHRM-CP/SHRM-SCP Certification Prep Seminars kick off September 12 and fill up fast!
Expand your influence and learn how to become an effective leader. Join us in Phoenix, AZ | OCTOBER 2 - 4, 2017
Train employees on proper data security protocols, experts say
He couldn't format a spreadsheet.
So he sent it to his spouse for help, ultimately causing a breach that could have exposed the personal data of 36,000 Boeing employees in four states, according to a report by The Associated Press (AP).
This is a good reminder of why HR needs to ensure employees are trained on proper data security measures.
The Boeing employee told investigators that he didn't know the spreadsheet contained sensitive data. AP reported that names, ID numbers and accounting codes were in visible columns "and birth dates and Social Security numbers [were] in hidden columns." This may be why he wasn't aware he was sharing confidential material.
Chicago-based Boeing, a multinational company that designs, manufactures and sells rockets, satellites, airplanes and rotorcraft, sent a letter to Washington State Attorney General Bob Ferguson in February notifying him of the breach. Nearly 8,000 Boeing employees in Washington had their data exposed. It wasn't immediately clear if Boeing notified attorneys general in the other three states or which states those employees worked in.
The breach occurred in November 2016, but Boeing only became aware of it in January. It then notified employees by letter and offered them free credit-monitoring services. The company reportedly said it destroyed copies of the spreadsheet and it doesn't think any of the information was misused.
[SHRM members-only HR Q&A: Much of our employee data is now electronic and is accessible via the Internet and mobile devices. What are some best practice approaches to safeguard this information?]
Employee error is to blame for most data security breaches, according to a study by U.K.-based information security company Egress Software Technologies. "Human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking," study authors wrote.
Why HR Should Mandate Security Training
According to the Association of Corporate Counsel (ACC) Foundation, fewer than half of in-house counsel (45 percent) said their organizations require employees to take training on how to prevent cybersecurity breaches.
"HR has a tremendous opportunity" to educate employees about good cybersecurity habits, said Amar Sarwal, vice president and chief legal strategist for the ACC, in an interview with SHRM Online in January 2016.
"HR can be right at the center of this," Sarwal said.
In addition, HR can train employees to turn to their IT departments for help with technology issues—instead of turning to a third party (like their spouse).
"Readable and effective policies can be used in conjunction with effective employee training to reduce data security incidents caused by human error," SHRM Online reported in June 2016.
Training employees about security policies only yearly, or only when they're new on the job, isn't enough, said Stu Sjouwerman, CEO of Clearwater, Fla.-based KnowBe4, which makes security awareness training and simulated phishing platforms.
"To be most effective, use anti-phishing tools to frequently test employees on a variety of … subjects, then follow up with remedial training for anyone who fails," he said.
Sjouwerman also recommended that employers:
Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 3,200 companies
[/_catalogs/masterpage/SHRMCore/Main.master][Title][SHRM Online - Society for Human Resource Management]