No One Is Immune: Securing Yourself and Your Employees in Age of Cyber Security Warfare
CNN reported this week that hackers publicly disclosed contact information of 20,000 FBI and 10,000 Homeland Security employees. It seems reports about a new hack surface every day. The FBI hackers warned they won't stop until US "cut its ties" with Israel. If it can happen to the FBI and Homeland Security, no one is completely safe.
As if getting hacked isn't bad enough, a business may have liability to its employees or customers for allowing the hack to occur. Employers should be aware of their obligation to secure private information obtained in the course of business. An employee or customer whose information is publicly exposed might have a cause of action for negligence resulting in an invasion of privacy.
The risk of exposing private information increases when a business handles sensitive data, like financial information or health care data. Often businesses require employees or customers to provide private information for a variety of reasons, including identification, insurance, or other employee benefit programs. As a custodian of sensitive date, a business must periodically evaluate the cyber threat and ultimately ask, "what would happen if we we're hacked?"
Aside from reviewing cyber security policies and measures, businesses should be sensitive to their customers' and employees' data and make a plan for how to communicate a breach to their customers or employees in a way that discloses the nature of the breach without inducing panic. Of course, the content of the message will depend on the circumstances. Anticipating the hack and planning for it will help an employer communicate the right message to the affected people.
All businesses are at risk. Having a plan helps.