Cybersecurity is a hot topic. If your company is like most, your IT department issues policies and guidelines for employees on topics like “how to set a strong password” or “how to identify a suspicious email.”
However, providing a cybersecure environment encompasses far more than protecting the company's network and data. Some of the most attractive data to hackers is the PII (personal identifiable information) that your company stores about its employees. Still, it's not just the company that's damaged if hackers access that data. Nor is company-held private information an individual's only cyber concern.
As explored in the Harvard Business Review, "privacy and cybersecurity are converging." Companies that want to provide comprehensive cybersecurity to employees need to think about personal cybersecurity, not solely enterprise security. The first step is to understand the differences between personal and enterprise cybersecurity.
Defining enterprise cybersecurity
"Cybersecurity" is the collection of tools and tactics used to protect a digital device or data. It graduates to “enterprise” cybersecurity when talking about the digital networks of large organizations.
Large organizations have networks with a high number of devices (or "endpoints") connected to them. Endpoints include everything from desktops, laptops, tablets, phones, watches, and servers.
These devices and the data stored on them are also often dispersed geographically. The increase in cloud-based systems means company data is often traveling across a combination of public and private Internet pathways. Then there's managing the people who do have authorized access to different portions of the company's network. When you put all that together, you can start to picture the scope of IT's job in providing enterprise cybersecurity.
Some typical enterprise security tactics deployed by IT departments are:
Requiring employees to change passwords every few months.
Scanning all email attachments for malicious code and preventing the delivery of any email that contains such code.
Continuously monitoring the entire network for any unknown, unidentifiable, and unauthorized intrusions and activity.
Regularly updating network systems and software with security updates.
Encrypting data when it's stored and when it's sent among network endpoints.
This list is a mere taste of all the ways an IT department protects an enterprise's digital network and data. Focusing on personal cybersecurity needs – that's where you, as an HR professional, can step in to support employees.
Where personal cybersecurity falls outside the scope of enterprise security
Personal cybersecurity is just that – the scope of protection an individual has against the potential damage hackers can do to that individual with their PII.
There is some overlap between enterprise cybersecurity and personal cybersecurity. And while your IT department protects the company's data, enterprise cybersecurity by itself is insufficient for protecting employees' PII. Here’s why.
Employees' PII exists in many places online, not just company databases. If they use a non-work email account, do online banking, or for that matter — do anything online — they're creating a digital footprint. And there’s the rub: most of your employees' digital footprints exist outside company data and networks.
If your company experiences a data breach, its focus is on tightening network defenses, analyzing how the breach occurred, and complying with notification and reporting requirements. Meanwhile, the horse (your employees' PII) ran out of the barn, and the company needs to lock that barn down and make it stronger. But who's chasing down the horse? Without expert assistance, it's extraordinarily challenging for an individual to minimize the potential damage a runaway horse can cause.
How companies can offer employees both enterprise and personal cybersecurity
Fortunately, your company could provide your employees access to such expert assistance. When you advocate for offering identity protection services as an employee benefit with leadership, you’re putting on your superhero cape and doing what you do best — watching out for your employees!
Identity protection services address the gaps in personal cybersecurity left by your company's organizational security framework. For example, a best-in-class identity theft protection benefit program, such as PrivacyArmor Plus, proactively monitors the dark web looking for suspicious use of all those personal emails and financial account numbers that people don't share with their employers.
Perhaps most importantly, such identity protection benefits provide remediation services when an employee's PII has been compromised. PrivacyArmor offers employee subscribers access to in-house privacy advocates. These personal advocates can help them improve their cybersecurity before a breach occurs and work to repair any damage that's happened after the fact. It also provides each subscriber with a $1 million identity theft insurance policy.
Your company's IT department can't help individual employees with their personal cybersecurity. Yet your company can help employees strengthen their personal cybersecurity with a subscription to an identity theft protection service. Imagine helping your company leap ahead of the competition and attracting and retaining top talent by offering one of the benefits most in demand! Not to mention helping to reduce your employees’ anxiety and improve their productivity should they become a victim of identity theft. Now pull out your superhero cape! You’ve got some protecting to do!
