News headlines pertaining to cyberattacks are becoming increasingly common. In December 2013, Target announced that sensitive information from approximately 70 million individuals had been breached, including names, mailing addresses, phone numbers and e-mails. In December 2014, Anthem, the second-largest health care insurer in the United States, announced that similar data was compromised from 78.8 million members, ex-members and employees.
As part of a growing concern over external workplace threats, the International Foundation surveyed members to gauge their concerns regarding cyberattacks, workplace violence, natural disasters, the spread of disease and more. (See 10 Ways Employers Are Prepared for the Worst.) The survey garnered responses from 179 organizations across the United States and Canada.
Not surprisingly, the top threat of greatest concern was a cyberattack, cited by 37% of respondents. An additional 25% cited an internal data security breach as their No. 1 concern. Is this anxiety new? About three in four responding organizations agree that their concern has increased in the past five years.
These concerns seem to be valid. More than 18% of respondents noted having an experience with cyber-attacks in their organization, with the same amount experiencing internal data breaches. What data are employers most concerned about being breached?
- Worker Social Security/CPP/QPP numbers and other personal information—50%
- Employer customer data—24%
- Worker health data—6%
- Employer financial data—6%
- Worker financial information—2%
Fortunately, organizations are taking a number of preventive measures to combat breaches. These include:
- 63% are restricting access to electronic files.
- 44% have a “mobile device at work” policy.
- 27% have data breach worker agreements.
- 14% of organizations offer identity theft insurance to their workers.
In addition to these measures, many organizations are now monitoring the electronic activities of their own workers. Some of these activities include:
- 50% of organizations monitor Internet sites visited.
- 49% monitor computer files accessed.
- 43% monitor e-mails sent/received.
- 32% monitor phone usage.
- 19% monitor social media posts.
Organizations are realizing the potential threats and taking measures to alleviate attacks. The International Foundation has taken drastic measures to ensure the cybersecurity of the organization. A recent analysis of our email system found that less than one-quarter of received emails were from legitimate sources. I’m glad those unwanted emails never make their way to my inbox, thanks to the protective measures we have in place.
What action is your organization taking to prevent attacks? Are you trying anything new or innovative? Share in the comments below.
Justin Held, CEBS
Educational Program Specialist/Research Analyst at the International Foundation