It seems we hear about more breaches of companies’ personal or financial information nearly every month.
When companies suffer security breaches, costs are significant, but financial losses can be recouped. It’s much harder to recover from the loss of consumer trust and loyalty.
As Will Rogers once said, “It takes a lifetime to build a good reputation, but you can lose it in a minute.” A customer’s identity theft following a trip to their favorite big box store, for example, may make them reconsider where they shop.
Some of these cybersecurity breaches come from outsider hackers, but it is not uncommon to hear about breaches of security coming from company contractors, employees, or outsiders with employee assistance.
In fact the Online Trust Alliance found that, in the first half of last year, “nearly a third of all data breaches … came from an internal actor and 90 percent were preventable.”
Employee loyalty and company data breaches
Hacks as large as at Sony, and recently, at Ashley Madison are suspected as inside jobs. The breaches caused by Edward Snowden and leaks of U.S. government security documents are still world news. Whether you agree with the above employers’ missions or not, it’s apparent that employee loyalty is more important than ever.
What are some of the things companies can do to protect their customers’ data?
- Spend millions in cybersecurity software;
- Hire outside consultants or beef up internal IT departments;
- Increase employee engagement.
If you didn’t check that last bullet, you’re missing out on a low-cost, high-impact opportunity. Even Bloomberg admits, “Companies’ worst hacking threat may be their own workers.”
Disgruntled employees, or employees that do not buy into the company mission, are not just flight risks — they’re cybersecurity risks. They can either perform the hacking themselves or collaborate with outsiders to access your company’s information.
That’s how important employee loyalty, buy-in, and engagement is to companies.
Engagement as a security best practice
Lucy L.M. Phillips, Managing Director and Employee Engagement and Change Communications Practice Lead, at FTI Consulting suggests using these tactics to make data security part of company culture (quoting below):
- Clarify the business risk.
- Align with values and culture.
- Involve employees directly in solutions.
- Partner with the compliance and IT teams.
Phillips explains —
Creating a culture where employees respect data and are motivated to protect the business is critical to cyber security.”
So, if time you are looking to enhance cybersecurity in your company, take a second look at your employee engagement and satisfaction levels. You may have invested in better security software, but have your employee engagement practices gotten with the program?
You can find more from Derek Irvine on his Recognize This! blog.