“Cybersecurity” describes measures taken to protect a computer or computer system and encompasses a broad range of practices, tools and concepts. According to Cybersecurity Ventures, worldwide spending on security will hit $1 trillion by 2021.
An outgrowth of cybersecurity is “cyberbullying.” Employers should make efforts to prevent cyberbullying the same as any other harassment. Policies should be updated to include harassment via electronic systems and ensure that employees understand the reporting mechanisms to address cyberbullying.
Businesses must be prepared to investigate employee complaints of cyberbullying, even when the source (or complaint) may be anonymous, as is often the case.
Collectively, several laws emphasize the need for businesses to have a data breach response plan to address how the company will handle a breach and identify the individuals responsible for implementing the plan of action. Many states have enacted breach notification laws, such as Tennessee’s Data Security Breach Notification Act. Other laws may apply based on the nature of the business, such as HIPAA, which requires covered entities and their business associates to provide notification following a breach of unsecured protected health information. Likewise, the Fair and Accurate Credit Transactions Act requires financial institutions to take certain steps to protect consumer credit information.
Most experts agree the human link is the weakest link in organizational effort to prevent data breaches, which are less about technological sophistication and more about exploitation of the human element. In this age of cyber threats, employers must train employees to recognize suspicious computer messages and unrequested attachments so as to raise employee awareness regarding cybersecurity measures.
Employers should also periodically update existing information security policies and also make sure these policies include a statement that there should be no expectation of privacy in the company electronic systems, which may be monitored for company data security purposes.
Employers must also pro-actively protect Company information stored in or accessed through employee mobile devices, phones, and laptops, whether company or employee-owned, by requiring complex, unique passwords, remote lock capability, and other mobile device management measures.