Data Privacy: 2016’s Elephant in Your Office

Across the globe, individuals, companies, and even governments are debating what to do about customer, company and citizen data privacy. With hacking groups like “Anonymous” gaining more and more notoriety, hiding your head in the sand simply isn’t going to work anymore. Now that 2016 has begun, many companies and government agencies are considering how best to safeguard the personal data they are collecting.

Companies That Do Not Train Face Greater Risks than Ever

While hackers are always going to be one step ahead, those companies and agencies that choose to train their employees and managers on safe data procedures are taking proactive measures to do their best 1) to safeguard themselves from an attack; and 2) to handle the fallout from an attack that has already happened.

You may be asking yourself why training offers greater protection than spending large amounts of money on technical protection. The answer is that knowledge is always power, and it is knowledge that allows cyber-criminals to defeat even the most tech-savvy data security systems over time (although such systems are of course incredibly important). This is why it is important to instruct your employees and managers not only on how the company aims to safeguard its key data from a technical standpoint, but also on what to do in the event an attack occurs.

Training is a Valuable Tool in the War Against Privacy Breaches

In addition to higher encryption security measures, data privacy training teaches managers how to create effective passwords and authentication measures to help prevent breaches from occurring. Likewise, data privacy training uses non-technical language to identify those managers and employees who are at the greatest risk of exposing personal or customer information to a breach of cyber security.

When you train employees on how to react to attacks (as well as how to prevent them from occurring), they will be more prepared to deal with the shocking events and public relations fallout that can occur immediately following an attack. For example, an employee who has had data privacy training will know what to say (and what not to say) when approached by a member of the media, which can be of enormous value in a stressful time for the company.

Educating Employees About At-Risk Data an Important Safety Step

Perhaps most importantly, your managers and employees need to be educated as to what information your company or agency stores that may be attractive to a hacker. For example, law firms maintain lots of personal data concerning their employees and clients, and often have private medical information that is subject to the Health Insurance Portability and Accountability Act (“HIPAA”) and sensitive financial data and trade secrets that hackers would love to get their hands on. The law firm is just one example; across various industries and business sectors, information is stored that is valuable to cyber criminals with both micro and macro goals.

Syntrio is committed to helping businesses and government agencies avoid the costly mistakes associated with breaches of employee and customer personal information. We are also able to custom-tailor our courses to fit the needs of your business or agency. Contact www.syntrio.com for more information about our data privacy courses for employees and management and remember to follow us on Twitter, Google Plus and LinkedIn for daily updates on compliance that impact your company!


Business Ethics Training Lacking: Cardinals Embroiled in Hacking Scandal

According to a New York Times report, the Saint Louis Cardinals (one of the most successful professional sports teams of the past fifty years) are under FBI investigation for allegedly hacking into the proprietary data of the Houston Astros, another MLB team, in an attempt to steal secret data about the Astros’ trade negotiations and player evaluations. This scandal comes on the heels of the FIFA international corruption scandal and displays the utter lack of regard for business ethics in high-level sports today.

Breaking into Network Brings to Light Data Privacy Issues

According to the Times report, the FBI investigation revealed that Cardinals officials broke into the Astros network and stole information from special databases that had been built by the team. While the information stolen may not seem to be a major security breach to the casual sports fan, in reality the scouting reports and negotiation data, left unprotected, provided a major upper hand. Further, the attack calls into question the security of the personal information and data that was stored in the Astros’ network. In any event, if the allegations prove true, a massive ethics violation occurred on several levels.

Employees of the Cardinals the Focus of the Investigation

Not surprisingly, lower-level employees of the Cardinals organization are the subject of the investigation, and the Department of Justice is not saying whether the investigation revealed that Cardinals executives knew of or instructed the attack. In either case, it is clear that the training system in place at the organizational level was lacking, as Cardinals employees were apparently allowed to hack unfettered into the private data of another team.

Perhaps most disturbing, the FBI believes that the attack was intended to disrupt the operations of a former Cardinals executive who now works for the Astros, which evidences a malicious intent on behalf of the Cardinals as a whole. Finally, the report indicates that the employees may have used a list of passwords from the former executive’s time with the Cardinals to hack into the Astros data.

Many of the Issues Involved in the Attack Can Be Addressed by Training

Although the aforementioned story may sound like fantasy to your business, rogue employees attempting revenge on a former executive by stealing proprietary information is all too common in the private and public sectors. For this reason it is extremely important to train your managers and employees on the consequences of ethical and data breaches and how best to avoid them. Although the MLB situation is public and high-level, similar breaches on a smaller scale can lead to significant civil and criminal penalties in any industry.

Syntrio is committed to helping businesses maintain the highest standards of ethical and data privacy compliance by helping companies demonstrate their commitment to compliance with state and federal laws and business ethics standards. Contact www.syntrio.com for more information about our business ethics courses and remember to follow us on Twitter, Google Plus and LinkedIn for daily updates on employment law and compliance issues that may impact your organization!