The latest
Kaspersky report, "Taking care
of corporate security and employee privacy: why cyber-protection is vital for
both businesses and their staff," highlights the ‘human side' of cybersecurity
incidents by examining the discomfort and losses employees face following
corporate breaches. According to the report, 30% of employees who are involved
in the aftermath of an incident missed an important personal event, had to work
over night (32%) or suffered additional stressors (33%). A quarter of
respondents even had to cancel vacations (27%).
Work-related stress encroaches on personnel
work-life balance, efficiency and motivation, with 76% of employees feeling it
impacts personal relationships, and 16% reporting they even quit their current
job because of it. Stress levels must be considered, especially now when so
many employees are working from home and struggling to maintain a productive
working routine. For businesses, stress can create an overall decrease in
employee efficiency, affecting business
performance and ultimately leading to direct financial losses.
As Kaspersky's report has revealed, cybersecurity
incidents may contribute to a negative work experience. In fact, this has
already happened in around half of SMBs (48%) and enterprises (53%) that
experienced at least one data breach last year. The chart below reveals the
personal consequences that IT and IT security managers face following a data
breach. Stress is again the most likely ramification: a third (33%) of
administrators fell into much more stress than they would usually, regardless
of the size and IT maturity of the company.
If a data breach
occurs, IT and IT security teams have to investigate the incident, make the
necessary updates, fix the system and take measures to prevent an attack being
repeated. As a result, a third of managers worked over night or had to incur
overtime at work (33% for SMBs and 32% for enterprises). This can also result
in other tasks and deadlines being pushed back in more than a quarter of both
SMBs (27%) and enterprises (26%).
"When talking about corporate
cybersecurity incidents, we often focus on the effect it has on business like
financial loss, customer trust and other corporate consequences, but there is
another aspect to consider such as how employees deal with such cases," comments
Alena Reva, vice president of human resources Americas at Kaspersky. "It's
needless to say that additional stress at work or a disrupted work-life balance
affects employee's productivity and, even more critically, their mental and
physical health. This shouldn't be underestimated as these factors can affect
business if staff members share their negative feelings outside the
organization, impairing its reputation and brand as an employer. This can be
especially critical for businesses that recently experienced data breach as its
wider reputation is already under attack."
The
following steps can help organizations keep the impact of a breach on staff to
a minimum:
- In the time of crisis, be transparent with your
people. Keep employees informed on what's going on, what it means to the
business and to them and make sure they know who to contact about any issues.
It is especially important for when employees are working remotely for a
sustained period when staff are often isolated from each other. If a data
breach affected employees' personal data, make sure they acknowledge it from
you and not from the media or newspapers.
- In ‘peace time,' it is best to prepare a list of steps
for an IT department in case of an incident: who to inform first, who is
responsible for what and what steps should be made. This helps employees feel
prepared and can relieve potential panic and stress.
- If a breach occurs, focus on properly investigating
the causes and consequences instead of just searching for any guilty staff.
- Any crisis can be seen as a time of opportunity.
Explain to employees that their help in this situation is crucial and they can
prove themselves and their actions will be positively noted.
- Create a corporate culture where all employees
understand the importance of cybersecurity. Teach them how cybersecurity
incidents can occur and what the consequences are. Explain to employees how
following simple rules can help a company avoid cybersecurity
incidents via training courses, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Breaches can draw media attention, which results in
unwanted public exposure. Kaspersky Incident Communications training helps to upskill corporate communications
teams to operate optimally during a cyberattack.
For more information, please
visit the official Kaspersky report.
To learn more about how
Kaspersky products can minimize the risk of a data breach, visit the Kaspersky
Endpoint Security Cloud product page.