As personally identifiable information (PII) grows both in value and ubiquity, more bad actors will try to hack it. It’s a game of catching up with the hackers’ new innovations and plugging the holes once we detect them. While it’s a challenge for us in IT, it’s also a big personal challenge imposing significant costs for everyone.
Immediate Costs of a Data Breach to Consumers
After we as customers learn about a breach at another organization, our first thought is about ourselves and our own data. What data was revealed? What do I need to do to protect myself? In most cases, we immediately think of our online presence and change passwords for the accounts of concern. If the hack is financial, we will likely enroll in credit monitoring, while also closely watching our accounts each month. Blocking credit checks may be a good option, but at a cost. And in some cases, you may close accounts and open new ones, hoping this will help. All of this has financial costs, but it also costs you time. As IT people, we have a greater insight into the problems a breach will present, but like all customers of the affected company, we’re still going to worry.
When it’s a medical/insurance hack, things may become more complicated. Such hacks are carried out so that someone can use your insurance as their own, a fact you might not discover until you try to have a procedure done and find it denied, because the insurance company already has a record that you’ve received this treatment. Now, you’re in for a fight, right at the moment you really need to rest and recover.
Once your data has been captured, you can never really rest, because you don’t know how long someone might wait to exploit it.
Costs of a Data Breach to Employees
But what if the company hacked is your employer? Now, you’re facing greater costs as a company tries to regain its market position, make customers whole, and detect and fix vulnerabilities. It’s been said that we are our jobs, and so when your company’s reputation suffers, you may feel you have lost face as well. You’ll probably lose a lot of free time, as companies push their employees into remediation, rebranding and customer retention tasks on top of the regular workload that never goes away.
As the company deals with the costs of the breach, raises, promotions and new hiring are all put on the back burner. Worse, if the costs are high enough, mass layoffs may occur, no matter how unrelated your job is to security. To make a statement, companies often choose to reorganize, which can throw you into a new function you didn’t choose and lead to job dissatisfaction. The culture may change, especially if outside consultants suggest radical adjustments. The impact isn’t over until the company recovers financially, if it can.
But as employees, we’re likely also customers and shareholders, all of whom are impacted by the breach. In the next blog, we’ll talk about all of the costs to companies, but remember we pay the price three times, because of our roles as employees, customers and shareholders.
What Can You Do to Avoid a Breach?
If you’re not in security, you may wonder what you can do to make a difference. Here are a few thoughts:
- Take those passwords seriously. If you have access to customer data, make sure you are never the cause of a breach by sharing your password or selecting one that is easily guessed.
- Only access customer data as needed by your job and only through secure portals. We all know back doors, but don’t use them.
- Never copy or transmit PII anywhere outside of the bounds of your work. No thumb drives to take home a few records, and no emailing something to yourself or others.
- Use only secure connections to access corporate data, not public Wi-Fi.
Send in more suggestions on what we can all do. After all, we have seen in the past few years that we all pay the price.
Denise P. Kalm is chief innovator of Kalm Kreative Inc. and consultant to CM First Group.