Cloud Hosting

To print this article, all you need is to be registered or login on Mondaq.com.

Published: New Hampshire Business Review

September 15, 2022

Many business leaders and human resources professionals believethat cyber security is the responsibility of their informationtechnology staff and managed services provider. However, ensuringthat employees and their families have appropriate cyber securityprotection is an employee benefit that benefits employers aswell.

Mistakes, lack of awareness, and general vulnerability ofemployees remains the most significant cyber security risk for mostemployers. Simply training employees about cyber threats typicallyfails to reduce that risk sufficiently. To have a truly cybermature workforce, employers need to engage employees in cybersecurity. Teaching employees about the threats to themselves andtheir families, and making personal protection services availableto them, is a much better method to engage employees in cybersecurity.

Training. Cyber security training is not mostpeople's idea of a good time. However, employees sit up andtake notice when trainers talk to them about the prevalence andseverity of the cyber threats to themselves personally, includingtheir identities, credit files, financial accounts, personaldevices, and home networks. Additionally, explaining that theiraging parents and children face these same threats never fails toget employees meaningfully engaged. Employers can then translatethat personal engagement into an increased awareness and commitmentto the cyber security policies and practices that protect thebusiness.

The following are a few training opportunities that typicallymotivate employees: (a) taking control of your credit bureauaccounts, extinguishing fraudulent or unnecessary credit, andfreezing or locking your credit; (b) obtaining identity, credit,and financial crime protection for yourself and your family; (c)ensuring that your personal financial accounts are secure fromtheft; (d) hardening your home network and online accounts; and (e)ensuring the online safety of yourself and your family members.

Identity, Credit and Financial CrimeProtection. Employers seeking a deeper and longer-lastingengagement from employees also offer certain personal protectionservices as an employee benefit. By doing so, employers demonstratethat they have the same level of commitment to their employees'personal cyber welfare as they are asking from those employees withrespect to the cyber security of the business.

These benefits typically include either a fully or partiallypaid subscription to a third-party service that monitors the creditbureaus, Internet, dark web, and other online resources for theftor misuse of the identity of the employee and his or her familymembers, and fraud specialists to restore an individual'scredit and identity in the event of theft or misuse. Such asubscription also can include reimbursement for funds stolen as aresult of cyber scams.

Employers are increasingly finding that these services are beingoffered by their existing employee benefits providers as extensionsof other benefits, such as health insurance. Employers also cansecure subscription services directly from the third-partyproviders, typically at discounted rates for their employeepopulations.

Personal Accounts and Residential Networks.Employers also benefit from making certain other safeguardsavailable to help employees protect their home networks and theirpersonal email, social media, financial, and other online accounts.The work-from-home model necessitated by the pandemic (and likelyto remain in some form permanently) highlighted the threats toemployers of employees accessing business systems from insecureresidential and public Wi-Fi networks. Likewise, the insecurity ofpersonal accounts are common points of entry for hackers to exploitto access business systems through employee devices.

To mitigate these risks, employers are helping employees withresidential firewalls, personal virtual private networks (VPNs),and password management applications for themselves and theirfamilies. These measures are becoming increasingly availablethrough the subscriptions services discussed above. Additionally,many employers are realizing that these safeguards are particularlyimportant for business owners, executives, and other managementemployees who have remote access to financial, personnel, and otherhighly sensitive information.

For a business to meaningfully reduce its vulnerability to cyberattack, it must truly engage its employee population in cybersecurity. One of the most effective techniques to do so is to teachand empower them to protect themselves and their families, thentranslate that engagement into a heightened awareness and mutualcommitment to protect the business as well.

Many business leaders and human resources professionals believethat cyber security is the responsibility of their informationtechnology staff and managed services provider. However, ensuringthat employees and their families have appropriate cyber securityprotection is an employee benefit that benefits employers aswell.

Mistakes, lack of awareness, and general vulnerability ofemployees remains the most significant cyber security risk for mostemployers. Simply training employees about cyber threats typicallyfails to reduce that risk sufficiently. To have a truly cybermature workforce, employers need to engage employees in cybersecurity. Teaching employees about the threats to themselves andtheir families, and making personal protection services availableto them, is a much better method to engage employees in cybersecurity.

Training. Cyber security training is not mostpeople's idea of a good time. However, employees sit up andtake notice when trainers talk to them about the prevalence andseverity of the cyber threats to themselves personally, includingtheir identities, credit files, financial accounts, personaldevices, and home networks. Additionally, explaining that theiraging parents and children face these same threats never fails toget employees meaningfully engaged. Employers can then translatethat personal engagement into an increased awareness and commitmentto the cyber security policies and practices that protect thebusiness.

The following are a few training opportunities that typicallymotivate employees: (a) taking control of your credit bureauaccounts, extinguishing fraudulent or unnecessary credit, andfreezing or locking your credit; (b) obtaining identity, credit,and financial crime protection for yourself and your family; (c)ensuring that your personal financial accounts are secure fromtheft; (d) hardening your home network and online accounts; and (e)ensuring the online safety of yourself and your family members.

Identity, Credit and Financial CrimeProtection. Employers seeking a deeper and longer-lastingengagement from employees also offer certain personal protectionservices as an employee benefit. By doing so, employers demonstratethat they have the same level of commitment to their employees'personal cyber welfare as they are asking from those employees withrespect to the cyber security of the business.

These benefits typically include either a fully or partiallypaid subscription to a third-party service that monitors the creditbureaus, Internet, dark web, and other online resources for theftor misuse of the identity of the employee and his or her familymembers, and fraud specialists to restore an individual'scredit and identity in the event of theft or misuse. Such asubscription also can include reimbursement for funds stolen as aresult of cyber scams.

Employers are increasingly finding that these services are beingoffered by their existing employee benefits providers as extensionsof other benefits, such as health insurance. Employers also cansecure subscription services directly from the third-partyproviders, typically at discounted rates for their employeepopulations.

Personal Accounts and Residential Networks.Employers also benefit from making certain other safeguardsavailable to help employees protect their home networks and theirpersonal email, social media, financial, and other online accounts.The work-from-home model necessitated by the pandemic (and likelyto remain in some form permanently) highlighted the threats toemployers of employees accessing business systems from insecureresidential and public Wi-Fi networks. Likewise, the insecurity ofpersonal accounts are common points of entry for hackers to exploitto access business systems through employee devices.

To mitigate these risks, employers are helping employees withresidential firewalls, personal virtual private networks (VPNs),and password management applications for themselves and theirfamilies. These measures are becoming increasingly availablethrough the subscriptions services discussed above. Additionally,many employers are realizing that these safeguards are particularlyimportant for business owners, executives, and other managementemployees who have remote access to financial, personnel, and otherhighly sensitive information.

For a business to meaningfully reduce its vulnerability to cyberattack, it must truly engage its employee population in cybersecurity. One of the most effective techniques to do so is to teachand empower them to protect themselves and their families, thentranslate that engagement into a heightened awareness and mutualcommitment to protect the business as well.

Cameron G. Shilling

Director, Litigation Department & Chair of Cybersecurity andPrivacy Group

The content of this article is intended to provide a generalguide to the subject matter. Specialist advice should be soughtabout your specific circumstances.

Read more:
The Employer Benefit Of Employee Cyber Security - Employee Benefits & Compensation - United States - Mondaq