Skip to Main Content

Protecting Employee Information: How to Improve Cybersecurity in 2021


From ‘Zoombombings‘ to data breaches, many businesses have seen their fair share of cybersecurity challenges in 2020. According to a Greathorn survey, organizations fight off an average of 1,185 phishing attacks every month.

Your company has a duty to keep its employees’ private information safe. To combat those with malicious intent, it’s important that you make cybersecurity awareness, prevention, and security best practices a part of your company culture. Take these steps to protect your employee information in 2021.

Store Employee Information Correctly

In October 2020, Pfizer suffered a huge data breach because of unsecured cloud storage. Secure data storage needs to take priority in 2021. Be aware of where you store critical employee information and corporate data and who has access to them. Performing a security audit will flag any insecure storage.

If you don’t already use an HRIS, get to know the ins and outs of how it keeps your employee information safe.

Create/Update Your Data Security Policy

Create or update your ‘acceptable use’ policy. This outlines the appropriate use of business assets and employee information. You’ll want to include details of who has access to your employee information and how said information will be used. Your policy should also detail the procedures your business will follow if a violation takes place.

That brings us to planning:

Build An Incident Response Plan

An incident response plan could be your saving grace in a crisis. In a post for Medium, ATG IT outlines the key sections to have in your plan. These include:

  • Prioritizing assets
  • Analyzing potential risks
  • Identifying single points of failure
  • Storing data
  • Business continuity planning
  • Ensuring you have backup staff
  • Establishing your incident response team

Depending on your industry and the rules and regulations surrounding it, you might need to include more or less guidance. It’s a good idea to keep an eye on any upcoming changes to laws and standards too. Ensuring your company has an internal incident response plan and the appropriate resources to handle a cybersecurity breach is crucial.

Enforce and Review Your Data Security Policy

Drawing up a policy is one thing, but enforcing it is another. In 2021, it’s a great idea to get into the habit of regularly reviewing who has access to sensitive information and updating authorizations accordingly. You should review your policy at least twice a year to ensure it addresses the most current security best practices.

Educate and Train Your Staff

Human error is one of the prime suspects when it comes to cyber breaches. Educating and training your staff on security best practices is, therefore, vital – especially with the recent rise of remote work. Reminding employees of the basics is a good start: provide detailed information on things like:

  • Using a strong password. The UK’s National Centre for Cyber Security’s 2019 report shows that 123456 remains the most popular password in the world. Alongside not creating strong passwords, untrained staff commits many other password faux pas, including writing passwords on easily-visible post-it notes and sharing them with colleagues. These are easily-avoidable mistakes – if you take the time to address them.
  • Checking (and double-checking) recipients. According to Verizon’s 2018 breach report, ‘misdelivery’ was the fifth most common cause of all cybersecurity breaches. With many people relying on features such as auto-suggest in their emails, it is easy for employees to accidentally send confidential information to the wrong person if they aren’t more careful.

Make 2021 the year you develop watertight cybersecurity. There are plenty of free educational and training resources out there to get your company on the right track. It doesn’t have to be a dull process, either – try making it more memorable by gamifying the training.

Don’t Wait Until it’s Too Late

Cybersecurity breaches cost companies millions of dollars every year in fines and legal fees. Don’t let it cost you an arm and a leg in 2021- schedule a meeting with your IT team and discuss possible liabilities. Together, you can come up with a proactive plan to mitigate any future cybersecurity risks your company might face.

blog cta 2


Leave a Reply