This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Sources say hack bigger than Sony Pictures’
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Not only did cyberthieves hack into HBO's computer systems last weekend, but also experts investigating the breach now say employee data was stolen. The amount of information taken is seven times larger than what was taken from Sony Pictures in a similar hack three years ago.
The latest breach should be a wakeup call for HR professionals tasked with keeping workers' sensitive information secure.
Hackers stole 1.5 terabytes of data from the HBO television network, Entertainment Weekly reported recently, releasing employee data, e-mails and other sensitive material. They also leaked a script for a future episode of the wildly popular series "Game of Thrones," as well as unaired episodes of the shows "Ballers" and "Room 104."
According to Variety, "thousands of potentially sensitive internal documents, employee data, and a possible access to internal corporate e-mail" were exposed. In 2014, hackers believed to be sponsored by North Korea invaded Sony Pictures' network and stole employee data, videos, scripts, and an unreleased movie. At least one Sony executive lost her job.
In a statement, HBO acknowledged the hack and said it was working with law enforcement and private firms to scrub the Internet of its data.
"Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold," network executives stated in a media release.
(Entertainment Weekly, Variety)
Lessons for HR
As SHRM Online reported shortly after the 2014 data breach at Sony, hackers who called themselves the Guardians of Peace published data stolen from the California movie studio's computer systems on the Internet. Initially, hackers released e-mails with humiliating comments studio executives made about movie stars, their salaries and then-President Barack Obama. Eventually, hackers threatened to release the comedy The Interview, which depicts the fictional assassination of North Korean dictator Kim Jung Un. That led Sony to delay the theatrical release and stream it online instead.
Hackers enjoy targeting movie and television studios. In April, a hacker broke into Netflix's computer systems and released unaired episodes from the fifth season of "Orange is the New Black."
Such breaches should make HR more vigilant about cybersecurity.
"This is not something that should be bottled up in IT" but should involve the C-suite and the board, said Adam Levin, founder and chairman of Arizona-based IDT911, an information security firm. Organizations need "an entirely new corporate culture where security is part of the fabric of that culture." He said organizations should appoint a chief information security officer and make certain employee information is restricted, encrypted and segregated from other data.
(SHRM Online, The New York Times)
[SHRM members-only toolkit: Record-Keeping Policy: Safeguarding Social Security Numbers]
Please, Train Employees
Employees are the first line of defense against data breaches, experts say, and HR should equip them with information to thwart cyberattacks.
Most data breaches (24 percent) are caused by employee error; 15 percent are an inside job; 12 percent occur as the result of phishing attempts where employees click on phony links; 12 percent happen because a third-party accessed the data; lost laptops or devices are blamed for 9 percent and 7 percent are due to malware.
Unfortunately, "fewer than half of in-house counsel (45 percent) said that their companies have mandatory training for employees on how to prevent cybersecurity breaches," found the Association of Corporate Counsel (ACC) Foundation.
"HR has a tremendous opportunity" to educate employees about cybersecurity, and to design policies that support legal, financial and information technology, said Amar Sarwal, vice president and chief legal strategist for ACC. "HR can be right at the center of this."
Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 10,000 companies