Many business leaders and human resources professionals believe that cyber security is the responsibility of their information technology staff and managed services provider. However, ensuring that employees and their families have appropriate cyber security protection is an employee benefit that benefits employers as well.
Mistakes, lack of awareness, and general vulnerability of employees remains the most significant cyber security risk for most employers. Simply training employees about cyber threats typically fails to reduce that risk sufficiently. To have a truly cyber mature workforce, employers need to engage employees in cyber security. Teaching employees about the threats to themselves and their families, and making personal protection services available to them, is a much better method to engage employees in cyber security.
Training. Cyber security training is not most people’s idea of a good time. However, employees sit up and take notice when trainers talk to them about the prevalence and severity of the cyber threats to themselves personally, including their identities, credit files, financial accounts, personal devices, and home networks. Additionally, explaining that their aging parents and children face these same threats never fails to get employees meaningfully engaged. Employers can then translate that personal engagement into an increased awareness and commitment to the cyber security policies and practices that protect the business.
The following are a few training opportunities that typically motivate employees: (a) taking control of your credit bureau accounts, extinguishing fraudulent or unnecessary credit, and freezing or locking your credit; (b) obtaining identity, credit, and financial crime protection for yourself and your family; (c) ensuring that your personal financial accounts are secure from theft; (d) hardening your home network and online accounts; and (e) ensuring the online safety of yourself and your family members.
Identity, Credit and Financial Crime Protection. Employers seeking a deeper and longer-lasting engagement from employees also offer certain personal protection services as an employee benefit. By doing so, employers demonstrate that they have the same level of commitment to their employees’ personal cyber welfare as they are asking from those employees with respect to the cyber security of the business.
These benefits typically include either a fully or partially paid subscription to a third-party service that monitors the credit bureaus, Internet, dark web, and other online resources for theft or misuse of the identity of the employee and his or her family members, and fraud specialists to restore an individual’s credit and identity in the event of theft or misuse. Such a subscription also can include reimbursement for funds stolen as a result of cyber scams.
Employers are increasingly finding that these services are being offered by their existing employee benefits providers as extensions of other benefits, such as health insurance. Employers also can secure subscription services directly from the third-party providers, typically at discounted rates for their employee populations.
Personal Accounts and Residential Networks. Employers also benefit from making certain other safeguards available to help employees protect their home networks and their personal email, social media, financial, and other online accounts. The work-from-home model necessitated by the pandemic (and likely to remain in some form permanently) highlighted the threats to employers of employees accessing business systems from insecure residential and public Wi-Fi networks. Likewise, the insecurity of personal accounts are common points of entry for hackers to exploit to access business systems through employee devices.
To mitigate these risks, employers are helping employees with residential firewalls, personal virtual private networks (VPNs), and password management applications for themselves and their families. These measures are becoming increasingly available through the subscriptions services discussed above. Additionally, many employers are realizing that these safeguards are particularly important for business owners, executives, and other management employees who have remote access to financial, personnel, and other highly sensitive information.
For a business to meaningfully reduce its vulnerability to cyber attack, it must truly engage its employee population in cyber security. One of the most effective techniques to do so is to teach and empower them to protect themselves and their families, then translate that engagement into a heightened awareness and mutual commitment to protect the business as well.