Despite all the recent hype about the “artificial intelligence revolution,” the mass automation of jobs is still a thing of the future. We may live in a digital world, but most of our employees are still human — and this means they are capable of human error when it comes to data security.
Today, employee negligence is the leading cause of data breaches at small and medium-sized businesses, contributing to almost 90 percent of cyberattacks against these businesses.
Given these facts, it is critical that hiring managers evaluate candidates on the strength of their digital hygiene practices. Failure to keep data secure can have severe consequences. According to a study from Keeper Security and the Ponemon Institute, the average cost of a breach resulting from damage to or theft of IT assets and infrastructure exceeds $1 million.
Data security has been an important topic of late, particularly since the General Data Protection Regulation (GDPR) took effect in the European Union (EU). Essentially, the law gives individuals in the EU more control over their personal data: in many cases they must give consent before their information is collected or used, and they can withdraw that consent at any time. Failing to comply with the GDPR can result in fines of up to 4 percent of a business’s annual global turnover or €20 million, whichever is higher, no small fee.
The scope of GDPR is broader than the EU because of cross-border data transfer. Any company that processes the personal data of individuals residing in the EU also has to comply with the regulations. In the wake of the GDPR, the stakes are higher for businesses in the US and around the world to ensure impeccable data security.
“[The GDPR] will force companies to take a closer look at their data infrastructure, much more so than they would otherwise,” says Wharton marketing professor Peter Fader.
On top of this, 2018 has already seen massive data breaches at Facebook, Lord & Taylor, and Saks Fifth Avenue, to name a few, and consumers are more aware than ever that they have the right to data privacy.
So how can hiring managers identify good digital hygiene in candidates, and how can they ensure that employees understand proper data security protocols once hired?
Hiring managers need to take the potential for human error into account in their screening and hiring decisions. Strong work ethic and relevant job experience are valuable assets of a potential employee, but in the digital age, how an employee handles sensitive information may be just as important. Whether an employee has held a security clearance in the past could be a useful gauge, for example.
In an interview, hiring managers should ask questions that target digital security practices. Does the candidate understand the importance of using secure Wi-Fi networks? Do they use a password manager rather than reusing passwords? Can they differentiate between “privacy” and “data security”? If a candidate is going to be dealing with personal data from Europe, how familiar are they with the GDPR?
Hiring managers should contact references with the intention of asking not only about work ethic and skills, but also about how well an employee followed digital security protocol. How did this person handle sensitive data? Were they more interested in efficiency than security? Did they understand the importance of correct configurations on digital storage platforms? Would they often work on public Wi-Fi?
Hiring managers can also look for evidence that a candidate uses (or lacks) discretion with their own personal data. Do they manage their online social presence wisely? Inappropriate posts on a candidate’s social media page might be a red flag when it comes to how seriously they take the privacy of their workplace’s data.
It’s important to note here that the security process goes both ways. Hiring managers need to ensure that they are also protecting the candidate’s privacy. A candidate’s application containing personal information could just as easily be subject to a data breach.
Companies must also cultivate cultures that prioritize security. This includes training employees on their roles in keeping data safe, down to the basics, such as what constitutes a strong password. Remarkably, only 43 percent of IT professionals surveyed in the Keeper Security study said they had a password policy in place, while a 2016 report found that 63 percent of confirmed data breaches were related to weak passwords. The same report found that 30 percent of phishing emails were opened by workers, and 12 percent of workers clicked the malicious link contained therein. Other types of human error included sending sensitive information to the wrong person, improper disposal of company information, and lost laptops and smartphones.
Training should include security protocols for what to do if an employee’s phone is stolen or if they believe they have opened a phishing email. Accountability should be emphasized, but employees should be able to bring these problems forward without fear of repercussion. Additionally, employees should be made aware of common hacking schemes. Criminals often impersonate senior executives, for example, so staff should be instructed never to answer an unexpected request from an executive by replying in-thread; instead they should start a fresh email to the executive’s known address (or confirm by phone), because a reply goes wherever the sender’s own message headers direct it, and a display name is free text that anyone can set.
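The reason for the “fresh email” rule can be made concrete. The following is an added example, not code from the article or from ID Experts: it parses constructed sample messages with Python’s standard `email` module and flags the two header tricks that executive-impersonation (“CEO fraud”) mail most often relies on. A sender-set `Reply-To` header quietly redirects an in-thread reply, and a display name can claim to be anyone while the address underneath belongs to a lookalike domain. The executive directory (`EXECUTIVES`), the addresses and the messages are all hypothetical values chosen for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed executive directory: display names mapped to the one address the
# organisation actually uses for each person (hypothetical values).
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

# Constructed sample messages for illustration; none of these are real mail.
SPOOFED_REPLY_TO = """\
From: "Jane Doe, CEO" <jane.doe@example.com>
Reply-To: jane.doe.ceo@mail-example.net
To: accounts@example.com
Subject: Urgent wire transfer

Please process the attached invoice today and confirm by reply.
"""

LOOKALIKE_SENDER = """\
From: "Jane Doe" <jane.doe@examp1e.com>
To: accounts@example.com
Subject: Quick favour

Are you at your desk? I need gift cards for a client.
"""

LEGITIMATE = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 numbers

Thanks for the report.
"""


def check_executive_mail(raw, executives=EXECUTIVES):
    """Return a list of (tag, detail) findings for an RFC 5322 message.

    Two patterns are checked:
      lookalike-sender : the display name claims to be a listed executive but
                         the address is not the directory address for them.
      reply-to-diverts : a Reply-To header would send an in-thread reply to an
                         address other than the one shown in From.
    """
    msg = message_from_string(raw)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()

    # Display name is attacker-controlled text; compare the real address
    # against the directory, not against the name.
    for exec_name, exec_addr in executives.items():
        if exec_name in from_name.lower() and from_addr != exec_addr.lower():
            findings.append(("lookalike-sender",
                             f"'{from_name}' sent from {from_addr}, expected {exec_addr}"))

    # The reply button honours Reply-To over From; the recipient never sees
    # this unless they look at the headers.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if reply_addr.lower() != from_addr:
            findings.append(("reply-to-diverts",
                             f"replies go to {reply_addr}, not {from_addr}"))
    return findings


def fresh_reply_address(raw, executives=EXECUTIVES):
    """Where a 'fresh email' should go: the directory entry for the executive
    named in the display name, never an address taken from the message itself.
    Returns None if the sender does not claim to be a listed executive."""
    from_name, _ = parseaddr(message_from_string(raw).get("From", ""))
    for exec_name, exec_addr in executives.items():
        if exec_name in from_name.lower():
            return exec_addr
    return None


if __name__ == "__main__":
    for label, raw in [("spoofed reply-to", SPOOFED_REPLY_TO),
                       ("lookalike sender", LOOKALIKE_SENDER),
                       ("legitimate", LEGITIMATE)]:
        print(label, check_executive_mail(raw), "->", fresh_reply_address(raw))
```

The same two checks can sit in a mail-gateway rule or a help-desk triage script, but the training point is simpler: the reply button trusts whatever the sender put in the headers, so the safe target for a reply is the address in the company directory, which `fresh_reply_address` returns without consulting the suspicious message’s headers at all.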
Being proactive is the best strategy when it comes to avoiding human error. By identifying candidates who already understand the importance of digital security practices and providing proper training to employees, businesses could prevent the loss of millions of dollars down the road.
Thomas F. Kelly is president and CEO of ID Experts.