Executives and HR Directors can no longer depend on being anonymous or too small to attract hacker interest. If you have information that can be easily stolen and sold on the open market, you should assume you are or will be a target.
If you don’t think employee identification security is in your job description, at the worst case, you may find yourself looking for another job. Just ask the CEO of Sony who is stepping down after multiple class action lawsuits were filed by some of the 47,000 current and former employees, including a number of movie stars, whose private information -- social security numbers, medical histories, salary history, passport info, visas, etc. -- were hacked and made public in December, 2014. Some estimates of the ultimate costs of the data breach range up to $100 million in damages. (See damage estimates from Reuters)
Part of the basis of the lawsuits stems from a 2007 CIO interview where the Chief Securtiy Officer for Sony argued against investing fully in information security. Although successful lawsuits in this area are rare, several decisions related to employee data loss at Adobe and Starbucks have opened the door for employees holding companies accountable for sufficiently protecting their private information.
What makes the Sony data breach more visceral, is the public nature in which it was revealed.
Catty emails between Sony executives referring to Angelina Jolie as a mediocre talent and making fun of President Obama were not just embarrassing, but they compromise future relationships with stars that are key to the studios future success. (Jolie has a string of hits as a star and her Unbroken film has raked in more than $100 million domestically.) However, the impact to private individuals can also be great. A personal friend and executive at Sony said he spent a day proactively reaching out to protect his one-year-old daughter’s passports and social security information from being exploited.
Failure to protect employee data may be a growing corporate vulnerability. The good news is that protecting employee data from breaches doesn’t have to cost an arm and a leg. Choosing to invest in secure document storage in order to protect sensitive employee and company information can potentially save tens of millions in actual costs and hundreds of millions in productivity costs. Adittionally, the cost of not protecting HR documents could be lawsuits, remediation and investigative costs, opportunity cost, and maybe even your job.
If small and mid-sized companies can protect their employees private data cost effectively in an inexpensive virtual data room, why can the big companies do it?
Find out how some small and mid-sized business are proactively protecting their employee and company data in the second part of this blog series Employee Data Hacked: Why Executive Postions Are at Risk, Part 2 .