Not yet a Member?
HR Magazine is highlighting the next generation of HR leaders.
Is your employee handbook ready for the New Year? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
30+ HR education programs, including 4 NEW programs on hot topics, are available for registration.
Join us in Chicago for the latest trends and technology in talent management, and what to expect in the future.
Each year, companies spend millions of dollars on computer software and hardware to keep hackers from stealing their secret data. However, as data breaches continue to rise—more than 50 percent during 2008 alone—at least one expert says the best tool in preventing data leakage might not be technology, but employee behavior.
“Dealing with the people factor is often a forgotten step or one considered less important than a technological solution,” said Jonathan Tait, product marketing manager at
Sophos, an information technology security and control company based in the United Kingdom.
“Everybody in the organization needs to be part of the solution,” Tait said, and that includes HR departments.
Data Breaches Rising
The rising tide of data security breaches is putting companies and their customers at risk of losing proprietary data and becoming the victim of identity theft.
According to figures released Jan. 6, 2009, by the Identity Theft Resource (ITR) Center of San Diego, a nonprofit group that works to prevent identity theft, businesses, educational establishments and governments recorded nearly 50 percent more data breaches in 2008 than in 2007, exposing the personal records of at least 35.7 million Americans.
The center discovered that the percentage of breaches attributed to data theft from current and former employees more than doubled from 7 percent in 2007 to nearly 16 percent in 2008.
Since 2005, more than 246 million records containing sensitive personal information—including names, addresses and Social Security numbers—have been stolen, lost or released accidentally, according to the
Privacy Rights Clearinghouse, a consumer advocacy group.
"This may be reflective of the economy, or the fact that there are more organized crime rings going after company information using insiders," Linda Foley, ITR’s co-founder, told
The Washington Post. "As companies become more stringent with protecting against hackers, insider theft is becoming more prevalent."
Even large companies and government agencies have fallen victim. The Starbucks coffeehouse chain in November 2008 lost track of four laptops that held the personal information of 60,000 current and former U.S. workers and about 80 Canadian workers and contractors. A month earlier, the U.S. State Department said, a ring of thieves obtained confidential information from passport applications. The criminals could use the information to activate credit cards stolen from the mail, according to the State Department.
Educating Employees Is Crucial
Tait gave companies advice on how to prevent data security breaches during a December webcast hosted by
SC Magazine, which covers information technology security. Installing computer firewalls to prevent hacking and encryption software to stop thieves from culling data from lost laptops and other portable electronic devices is crucial, Tait said.
However, getting employees onboard is just as important, he said. More companies are giving employees portable devices that allow them to work remotely. These devices include laptops, BlackBerrys and “thumb drives,” small, portable electronic storage devices that users can put on their key rings.
Security breaches occur frequently when employees lose this gear. About 70 percent of all company data is stored in end points such as computer hard drives and portable drives, Tait said. According to Forrester Research, more than half of the largest U.S. corporations have lost data in the past two years through the loss of storable data devices such as USB drives alone.
“They are not malicious attacks, if you will,” Tait said. “But they continue to happen on a weekly and monthly basis.”
There are things companies can do to minimize the chances that their workers become data security risks:
Risk of Social Sites
More Americans are using social networking sites such as Facebook, MySpace and Twitter. Employees who use these sites could put their companies at risk, but not necessarily because of leaked data, Tait said.
Employees can go on these web sites and write innocently about work activities, meetings or the people they interact with during the day.
Remember that old saying, “Loose lips sink ships”? Tait said employees who use these web sites could end up giving away proprietary information inadvertently that alert competitors could pick up and use against their companies.
Instant messaging can also be dangerous because photos and other files can be sent through instant messages. An employee could attach and send a sensitive corporate document accidentally, Tait said.
“The thing we can control and actually where the problem lies the majority of the time is through accidental leakage,” he said.
Ethics Is Also Important
Nevertheless, HR can help prevent employees from falling prey to data loss by ensuring that there is a multipronged approach in which all employees participate. Not only does it take a village, it also takes chiefs who lead by example, says one HR expert.
“The focus on managing and regulating compliance has taken the place of leadership and example in doing the right thing,” said Professor Marty Val Hill, SPHR, of the Woodbury School of Business at Utah Valley University, and a member of the Society for Human Resource Management’s Ethics Special Expertise Panel.
Interviewed in 2008 about increasing corporate fraud, Hill said that, ultimately, employees need strong leaders in HR and executive roles who practice what they preach in terms of ethical conduct.
“Examples of self-restraint for the social good are harder to find in the headlines today than they were generations ago. It is no excuse, but there does seem to be a correlation here. Some people enjoy justifying personal misconduct because of social norms. Even in education, I suppose, many of us are guilty of grading on the curve in an effort to give our students the benefit of the doubt. Grading on the curve when it comes to compliance and ethical conduct, however, is not beneficial to anyone.”
Greg Wright is a former financial reporter for Dow Jones News Service and Knight-Ridder Financial News, and a technology writer for Gannett News Service/USA Today. He can be reached at
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 3,200 companies