Your business runs extensive background checks before talking to a job candidate; you have guest sign-in procedures that rival the Pentagon’s; and you put out wet floor signs if there’s so much as a cloud in the sky.
You’re doing everything you can to reduce your company’s liability. But are you adopting the same approach to opening emails and evaluating cybersecurity risks? If not, it could cost your company a fortune.
Data breaches, phishing, and increased corporate liability
Although the Equifax hack dominated breach-related headlines in 2017, the reality is it was just one of many breaches that shook the world. In the U.S. alone, there were nearly 1,600 data breaches that resulted in almost 179 million compromised records. While the breaches occurred through a variety of means, phishing was among the most popular, accounting for more than 21 percent.
Phishing emails are designed to steal the confidential data of a person or business, and in many instances, the emails appear to come from a co-worker, client, prospect, or boss. This form of phishing attack is known as a BEC (business email compromise) scam, and it is highly effective.
Back in 2016, AlienVault surveyed more than 300 security professionals to determine how many employees fell victim to BEC phishing attacks. Nearly 40 percent admitted that attackers had tricked executives within their organization with BEC attacks.
Often times, this results in a massive data breach — and big problems for a company. In addition to being a PR nightmare, employees are fighting back like never before. In both the U.S. and the UK, former and current employees are banding together to sue businesses that compromised their personal data.
There are two key ways companies can protect themselves from this kind of disaster. First, they must provide thorough and continuous cybersecurity training. Second, they can preemptively offer identity protection to their employees via an employer-paid, co-sponsored, or voluntary benefit.
HR should provide thorough security training
With 30–50 percent of identity theft originating in a victim’s workplace — and much of that the result of phishing — companies must make every effort to protect their employees. You can read more about proactive steps your business can take in our blog post, The HR Guide to Employee Data Protection and Identity Theft Prevention. It’s packed with great information you can use today, like the following signs of phishing attempts, which every employee should know:
- Misspellings and grammatical errors throughout
- Missing or incorrect contact details in the signature line
- The email doesn’t read as if the sender wrote it
- The salutation is oddly worded or contains vague terms like “employee”
- When you hover over a link, it reveals a different URL than stated
- A request for large amounts of private data from a company executive that seems oddly timed or out of place
- Something just feels off
Businesses should offer identity protection as a benefit
In addition to providing comprehensive and ongoing training to employees, your organization should also offer identity protection as an employee benefit. There are a number of these plans on the market, and you’ll need to conduct research to determine which is best for your business and employees.
You’ll also need to be certain the program safeguards your bottom line by providing robust protection that extends beyond traditional credit monitoring services. This includes the following features, which come standard with InfoArmor®’s signature service, PrivacyArmor®.
- Dedicated customer support for your organization
- Scalable and flexible payment models
- Comprehensive product education and a dedicated client relationship advisor
- Accounts protected by two-factor authentication
- Proactive alerts that notify employees on applications for credit cards, wireless carriers, utility accounts, and non-credit accounts
- Monitoring of high-risk identity activity such as employee password resets, fund transfers, unauthorized account access, compromised credentials, address changes, and public record alerts
- Tools to monitor and preserve an employee’s reputation across social networks
- A dedicated advocate to guide and manage an employee’s full recovery process, restoring credit, identity, accounts, finances, and their sense of security in the event identity theft does occur
- Identity theft insurance to cover your employee’s lost wages, legal fees, medical records request fees, CPA fees, child care fees, and more
Please keep in mind, these are not the only features your identity protection service should include. For a complete list, click here, and if you need immediate assistance or have questions about how InfoArmor can help protect your employees, reach out today. We’d love to show you the difference we can make by providing peace of mind to your employees while protecting your company’s bottom line.