Not a Member? Get access to HR news and resources that you can trust.
Standing desks and other innovative workstations can help counterbalance the negative health effects of sitting.
Is your employee handbook ready for the New Year? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Get the HR education you need without travel expenses or time out of the office.
Elevate Your Talent Strategy. Join us in Chicago, IL – April 24-26, 2017.
The Securities and Exchange Commission (SEC) is investigating whether two massive data breaches at Yahoo Inc. should have been reported sooner to investors, The Wall Street Journal and others reported.
As SHRM Online reported, Yahoo revealed in December that 1 billion accounts were breached in 2013. That hack is in addition to the one the search engine giant disclosed in September, when the company said that at least 500 million accounts were illegally accessed in 2014.
In the Dec.14 announcement, Yahoo said users' names, e-mail addresses, passwords, security questions and answers, and telephone numbers were exposed. (The Daily Beast, SHRM Online)
A source told The Wall Street Journal the probe is expected to focus on both attacks. Yahoo didn't disclose the 2014 attack for two years, which may have been in violation of civil securities laws. While SEC guidelines from 2011 mandate that companies disclose any security breaches, those guidelines don't stipulate a timeframe, the paper reported. This means the Yahoo case may set a precedent. "According to people familiar with the matter [this] could prove to be a major test in defining when a company is required to disclose a hack," The Journal reported. (The Wall Street Journal, subscription required)
The probe is yet another reason HR and IT must be vigilant not just in their cybersecurity efforts but in reporting attacks to clients, customers, and staff, experts tell SHRM Online.
Security begins and ends with employee education, training and backing up files:
"Most businesses view the responsibility of mitigating information security risks as being squarely in the purview of their information technology department. However, one study found that human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking," according to a recent SHRM Online article.
As detailed in the fourth edition of the Common Sense Guide to Mitigating Insider Threats from the Carnegie Mellon Software Engineering Institute, security awareness training is critical to improved security. Unfortunately, it is one of the most ignored areas in many organizations' information security plans but it doesn't have to be.
There's a wealth of information on how to keep data secure, such as Foley & Lardner's Employee Information Security Checklist. Foley & Lardner is an international law firm based in Milwaukee. (HR Magazine, SHRM Online)
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Exam Late Application Deadline: April 14
SHRM’s HR Vendor Directory contains over 3,200 companies