This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
The Securities and Exchange Commission (SEC) is investigating whether two massive data breaches at Yahoo Inc. should have been reported sooner to investors, The Wall Street Journal and others reported.
As SHRM Online reported, Yahoo revealed in December that 1 billion accounts were breached in 2013. That hack is in addition to the one the search engine giant disclosed in September, when the company said that at least 500 million accounts were illegally accessed in 2014.
In the Dec.14 announcement, Yahoo said users' names, e-mail addresses, passwords, security questions and answers, and telephone numbers were exposed. (The Daily Beast, SHRM Online)
A source told The Wall Street Journal the probe is expected to focus on both attacks. Yahoo didn't disclose the 2014 attack for two years, which may have been in violation of civil securities laws. While SEC guidelines from 2011 mandate that companies disclose any security breaches, those guidelines don't stipulate a timeframe, the paper reported. This means the Yahoo case may set a precedent. "According to people familiar with the matter [this] could prove to be a major test in defining when a company is required to disclose a hack," The Journal reported. (The Wall Street Journal, subscription required)
The probe is yet another reason HR and IT must be vigilant not just in their cybersecurity efforts but in reporting attacks to clients, customers, and staff, experts tell SHRM Online.
Security begins and ends with employee education, training and backing up files:
"Most businesses view the responsibility of mitigating information security risks as being squarely in the purview of their information technology department. However, one study found that human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking," according to a recent SHRM Online article.
As detailed in the fourth edition of the Common Sense Guide to Mitigating Insider Threats from the Carnegie Mellon Software Engineering Institute, security awareness training is critical to improved security. Unfortunately, it is one of the most ignored areas in many organizations' information security plans but it doesn't have to be.
There's a wealth of information on how to keep data secure, such as Foley & Lardner's Employee Information Security Checklist. Foley & Lardner is an international law firm based in Milwaukee. (HR Magazine, SHRM Online)
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Choose from dozens of free webcasts on the most timely HR topics.
SHRM’s HR Vendor Directory contains over 10,000 companies