The Securities and Exchange Commission (SEC) is investigating whether two massive data breaches at Yahoo Inc. should have been reported sooner to investors, The Wall Street Journal and others reported.
As SHRM Online reported, Yahoo revealed in December that 1 billion accounts were breached in 2013. That hack is in addition to the one the search engine giant disclosed in September, when the company said that at least 500 million accounts were illegally accessed in 2014.
In the Dec. 14 announcement, Yahoo said users' names, e-mail addresses, passwords, security questions and answers, and telephone numbers were exposed. (The Daily Beast, SHRM Online)
A source told The Wall Street Journal the probe is expected to focus on both attacks. Yahoo didn't disclose the 2014 attack for two years, which may have been in violation of civil securities laws. While SEC guidelines from 2011 mandate that companies disclose any security breaches, those guidelines don't stipulate a timeframe, the paper reported. This means the Yahoo case may set a precedent. "According to people familiar with the matter [this] could prove to be a major test in defining when a company is required to disclose a hack," The Journal reported. (The Wall Street Journal, subscription required)
The probe is yet another reason HR and IT must be vigilant not just in their cybersecurity efforts but in reporting attacks to clients, customers, and staff, experts tell SHRM Online.
Security begins and ends with employee education, training and backing up files:
"Most businesses view the responsibility of mitigating information security risks as being squarely in the purview of their information technology department. However, one study found that human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking," according to a recent SHRM Online article.
As detailed in the fourth edition of the Common Sense Guide to Mitigating Insider Threats from the Carnegie Mellon Software Engineering Institute, security awareness training is critical to improved security. Unfortunately, it is one of the most ignored areas in many organizations' information security plans, but it doesn't have to be.
There's a wealth of information on how to keep data secure, such as Foley & Lardner's Employee Information Security Checklist. Foley & Lardner is an international law firm based in Milwaukee. (HR Magazine, SHRM Online)