Protect Employees’ Sensitive Data from Attack or be Held Liable

By:  |  Category: Blog Thursday, November 29th, 2018  |  No Comments
sensitive data

Don’t neglect your cybersecurity or you might pay for it-twice.

According to KnowB4, a recent ruling from the Pennsylvania Supreme Court on an employee lawsuit against the University of Pittsburgh Medical Center stemming from a data breach should put all employers on notice.

As part of hiring any employee, employers need to collect personal information – date of birth, social security number, address, full name, and more. But when the organization faces a data breach, are they responsible should employee data be stolen?

In February of 2014, UPMC confirmed a data breach where hackers stole the personal information of about 62,000 current and former employees. Hackers used the data to file fake tax returns to receive tax refund money.

Employees sued UPMC, in which the case was thrown out by two lower courts. But the Pennsylvania Supreme Court reinstated the lawsuit, stating “An employer has a legal duty to exercise reasonable care to safeguard its employees’ sensitive personal information stored by the employer on an internet-accessible computer system.”

This ruling doesn’t mean the UPMC is guilty, but it does mean the case lives on. This should serve as a warning to every organization; the potential exists that, should a data breach occur where employee data is stolen, you may be held responsible.

With the primary means of attack still revolving around phishing and social engineering, organizations need to find ways to empower employees to identify fake emails and websites that are used as part of an elaborate scam. Security Awareness Training provides employees with the education necessary to empower them to become a part of your security stance. With employees vigilant, keeping a security focus in mind as they interact with email and the web, organizations reduce the attack surface, thereby lowering the likelihood of becoming a victim to a data breach.

Should the UPMC case find in favor of the employees, organizations everywhere will need to shore up their security efforts around employee data. Stopping an attack before it begins by making the employee part of the security defense through Security Awareness Training is the first step.

Let EnhancedTECH and KNowB4 provide you with the resources you need to train your staff and secure your network. Contact us at [email protected] or call us at 714-970-9330.

Source: KnowB4

Leave a Comment
Read previous post:
Azure Cloud
Azure Cloud Helping First Responders Find Missing Children

Over 45,000 children go missing in Canada every year. Missing Children Society of Canada is using social media to get...