The Securities and Exchange Commission (SEC) is investigating whether two massive data breaches at Yahoo Inc. should have been reported sooner to investors, The Wall Street Journal and others reported.
As SHRM Online reported, Yahoo revealed in December that 1 billion accounts were breached in 2013. That hack is in addition to the one the search engine giant disclosed in September, when the company said that at least 500 million accounts were illegally accessed in 2014.
In the Dec. 14 announcement, Yahoo said users' names, e-mail addresses, passwords, security questions and answers, and telephone numbers were exposed. (The Daily Beast, SHRM Online)
A source told The Wall Street Journal the probe is expected to focus on both attacks. Yahoo didn't disclose the 2014 attack for two years, which may have been in violation of civil securities laws. While SEC guidelines from 2011 mandate that companies disclose any security breaches, those guidelines don't stipulate a timeframe, the paper reported. This means the Yahoo case may set a precedent. "According to people familiar with the matter [this] could prove to be a major test in defining when a company is required to disclose a hack," The Journal reported. (The Wall Street Journal, subscription required)
The probe is yet another reason HR and IT must be vigilant not just in their cybersecurity efforts but in reporting attacks to clients, customers, and staff, experts tell SHRM Online.
Security begins and ends with employee education, training and backing up files:
"Most businesses view the responsibility of mitigating information security risks as being squarely in the purview of their information technology department. However, one study found that human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking," according to a recent SHRM Online article.
As detailed in the fourth edition of the Common Sense Guide to Mitigating Insider Threats from the Carnegie Mellon Software Engineering Institute, security awareness training is critical to improved security. Unfortunately, it is one of the most ignored areas in many organizations' information security plans, but it doesn't have to be.
There's a wealth of information on how to keep data secure, such as Foley & Lardner's Employee Information Security Checklist. Foley & Lardner is an international law firm based in Milwaukee. (HR Magazine, SHRM Online)