Tech Lessons for HR as Data Breach Hits Kids

HR should focus on prevention, experts say

By Aliah D. Wright Dec 4, 2015
LIKE SAVE PRINT
Reuse Permissions

I​​t’s bad enough that working adults have to worry about their data security when hackers attack, but now kids are being targeted, too.

On Dec. 1, 2015, Chinese toy company VTech revealed that 4.8 million parent accounts and about 6.3 million children’s profiles worldwide were breached, according to a statement published on the company’s website.

That information included names, IP addresses, e-mails, download histories, encrypted passwords, and even the security questions and answers needed to retrieve or change those passwords. Not only was that data exposed, but the names, birthdates and genders of children were breached, too.

Sound familiar?

It should. That same kind of information has been stolen from companies’ HR files.

What's Next?

In addition to credit monitoring, experts say parents may likely receive the same advice received by millions of past and present federal employees whose personal data was stolen in the U.S. Office of Personnel Management (OPM) cyberattack earlier this year and during the Sony hack.
That advice includes being vigilant about protecting data and reviewing security protocols. During the AshleyMadison.com breach, experts suggested HR make employees participate in data security awareness training.

Cost of Breaches

For many companies, data breaches are costly affairs. According to a study commissioned by IBM and conducted by data security researchers the Ponemon Institute, the total average cost of a data breach in 2015 is now $3.8 million.

Reutersreported Dec. 2 that “Target Corp. agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach.” In that case, 110 million people had their phone numbers and e-mail addresses stolen after 40 million credit cards were compromised.

As Jim Farrell, senior vice president of products at New Jersey-based Archive Systems, told HR professionals at a technology conference earlier this fall, HRIT professionals must be proactive when it comes to protecting their data, and that includes having a plan to prevent such breaches before they happen.

So what can HR do? Farrell said HR professionals should:

  • Know what sensitive data you have and who has access to it.

  • Get rid of sensitive information and dispose of unnecessary information such as paper documents that need to be shredded or having IT properly wipe devices of information.

  • Provide cybersecurity awareness training.

  • Encrypt sensitive data at rest and in transit.

“There is a movement in our industry to say, ‘This stuff is going to happen,’ ” Farrell said. Some people say, “Don’t try to worry about prevention; worry about how you’re going to respond” to a breach. But, he said, he advises against using only that approach. “It’s important to focus on prevention.”

Aliah D. Wright is an online editor/manager for SHRM. Reach her via Twitter @1SHRMScribe.

LIKE SAVE PRINT
Reuse Permissions

SHRM CONNECT

Join SHRM's exclusive peer-to-peer social network

Join Today

Job Finder

Find an HR Job Near You

SPONSOR OFFERS

Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect