Crisis Communication: Companies often face employee data leaks, but almost half of them do not report these incidents. Why is this a mistake, and how can proper communication help prevent further attacks?
Companies stay silent about leaks of employee data; disclosure by the media then damages their reputation
A company cannot defend itself successfully against cyber attacks without the combined effort of employees at all levels. Technology is important in preventing cyber attacks, but the human factor still plays a key role, as it is linked to up to 85% of incidents. Kaspersky's global survey, conducted among corporate IT executives, provides an overview of how well organizations and employees work together to protect each other and their clients.
Although known cases of data leakage are mainly associated with the theft of customer information, employees' personal data is also very popular with cybercriminals. In 2021, more than a third (35%) of organizations were unable to ensure the complete security of their employees' data and faced incidents related to this type of information. According to the survey, only incidents involving customers' personal data were more common (43%).
The fact that 45% of the organizations concerned did not disclose the leakage of employees' personal data is a sign that the problem is greater than it seems. Of the rest, 43% of organizations shared information about the incident proactively, and 12% did so only after it had leaked to the media. It follows that this type of leak is the least frequently disclosed compared with corporate or customer data leaks.
“When an organization faces a cyber incident, proper crisis communication is no less important than responding to such an incident and following up recovery measures. There is always a risk of data leakage, and companies should realize that proactive communication is a better choice than sudden disclosure in the press. However, appropriate, accurate and timely communication not only minimizes potential reputational damage, but can also significantly mitigate direct financial losses. To avoid panic or confusion, the company must consider developing a clear contingency plan and train employees in advance. Corporate communications experts and IT security teams should work together to exchange information related to the company’s cyber security and to be able to create manuals, select tools, channels and language that could be useful to best manage internal and external communication in the event of an emergency,” comments Miroslav Kořen, CEO of Kaspersky for Eastern Europe.
Attacks can be prevented by training employees in IT security
The lack of external knowledge about potential cybersecurity incidents usually cannot be mitigated by internal efforts alone. According to the survey, only 44% of organizations have already implemented security education and training to ensure that key information is available to employees. In addition, more than half of these companies experienced at least one problem with the quality of these services, such as dissatisfaction with the high complexity of the courses and insufficient support or expertise from the training provider.
Employees who have not been given basic information on the importance of safeguards cannot be expected to comply with the rules. In 2021, employee compliance and the lack of an end-user security culture were among companies' three biggest IT security concerns. In practice, companies regularly encounter information security breaches (41%), inappropriate use of IT resources (42%) and incorrect data sharing via mobile devices (38%).
Leak prevention requires a harmonized approach covering all employees who come into contact with the corporate system and could be a potential target for attackers. To better protect employees, companies should combine reliable security measures with maintaining their teams' security awareness, which includes:
- Ensure fast deployment of patches and software updates to prevent attackers from entering the system.
- Implement a high level of encryption of sensitive data and promote strong login data and multifactor authentication.
- Use effective endpoint protection with threat detection and response features to block network access attempts, as well as use managed protection services for effective attack investigation and response.
- Minimize the number of people with access to critical data. Data leakage is more likely to occur in organizations where too many employees work with confidential and valuable information that can be sold or misused in some way.
- Equip employees with the necessary cybersecurity skills. Provide education that presents all the necessary and up-to-date information in an engaging way. If companies want to save time and get quality services, they should work with globally recognized providers who can ensure an effective training process.