Two former employees took home thousands of sensitive files, none of which were compromised
Two data breaches within six months of each other by employees on their last day of work at the Federal Deposit Insurance Corp (FDIC) highlight the need for more security awareness training, experts tell
In both cases, employees downloaded sensitive information as they were leaving jobs with the FDIC. None of the information was compromised, the agency said.
Created by Congress in 1933, the FDIC is an independent government corporation whose sole purpose is to maintain public confidence and stability in the nation’s financial system. It insures individual deposits of up to $250,000.
“Maintaining public confidence is hard to do when an employee can walk away with supposedly secure customer data apparently without even knowing it,” The Washington Post opined.
Some 44,000 FDIC customers had their information exposed in February when an employee quit the agency and accidentally carried customer names, Social Security numbers and addresses out on a personal storage device that also included her personal information, according to news reports.
“Security is as much a cultural issue as a technical one,” David Meyer, vice president of products and online business at OneLogin, an access management firm based in San Francisco, told SHRM Online April 21. He added that “the security posture day to day among the employees is the largest battle.”
In a separate incident at the FDIC in October, another FDIC employee left the agency for a job in the private sector and took with her on a thumb drive 10,0000 records containing highly sensitive information. That information included Social Security numbers and loan and banking information for American citizens, according to a Feb. 19 report from FDIC Assistant Inspector General for Audits Mark Mulholland. It was information she had access to as part of her job. (Federal Times and the Washington Post)
data loss protection software detected the compromise of records and alerted security staff. The FDIC contacted the ex-employee immediately and asked her to return the drive; the agency had it back by March 1,” American Banker reported. (American Banker and
Whether an employee haphazardly clicks on a link that exposes organizations to viruses or takes sensitive data home on a laptop that gets stolen or purposely hacks into sensitive files for personal financial gain, HR professionals need to guard against workers’ ability to compromise important data. (SHRM Online)
Having technology in place to detect untoward activity is smart, but while “technology is critical … you should eliminate passwords in applications, use multiple authentication factors, and analyze behavior. Yet, the attitude employees have can circumvent all of that. HR needs to partner with IT to ensure the workplace facilitates security,” Meyer said.
There are other things HR can do, too.
“One of our customers has a policy of looking over all activities for the past 90 days when an employee resigns,” Meyer said. “This is because the intention to leave comes long before the resignation and with the intention to leave comes a risk of bad behavior.
“The better manager training, the better the trust in an organization, the better a sense of aligned values and common mission mitigate these factors. If there is no ill will, then there will be fewer malicious acts.”
Meyer said HR and IT can also use “an identity system together with other tools [that] can monitor behavior to detect anomalies. When behavior patterns change it can be a sign of ill intent; downloads are one aspect, but what files or information are accessed online is much more common in this cloud-centric world.”
Aliah D. Wright is an online editor/manager for SHRM.