Where Does Your Company Stand on PII?
Do you know your company’s policy on PII in the workplace? How do your co-workers interact with PII, and who’s allowed to access it? Who is the PII control officer at your business?
Wait… what’s PII, and why do we have to protect it?
PII, or personally identifiable information, is all the data that links back to an individual, like names, Social Security numbers, birthdates, and more. In short, it’s the information that makes it possible for someone to steal your identity. And all too often, businesses set the bar pretty low when it comes to making sure that their customers’ and their employees’ PII is safe.
October is National Cybersecurity Awareness Month, and the hosts of this important event have designated week two to look at how identity theft and cybersecurity are impacted in the workplace. “From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace” literally means that every single member of the team has a part to play in protecting data, and any one of those team members can be the weakest link that leads to fraud.
Malicious events do happen at work. Intentional “inside job” data breaches can happen in any industry and with any level of employee from the janitor to the CEO. That kind of intentional act is a crime and it needs to be prosecuted. But all too often, it’s not the willful intent to steal data that lands businesses in hot water. Instead, it’s the failure to put safeguards in place and to enact company policies for protecting information that can lead to a data breach.
Late last year, patient medical records were found discarded in a dumpster outside an Ohio medical facility; in 2014, students’ records from a Colorado middle school were found after also mistakenly being discarded in an open dumpster. The patient records contained the individuals’ Social Security numbers, and the school records even contained copies of the children’s birth certificates. In both cases, the mistake was simply an error rather than an intentional act, but the end result could still mean the personal records were compromised. And those are just two of the many cases reported each year.
Part of workplace cybersecurity means knowing what the threat is, and implementing policies to prevent an incident or correct it. But for too many companies, cybersecurity policies, training, and tools are an afterthought, a nice idea that simmers on the back burner while the company handles the chaos of day-to-day business.
This year, companies of every size and industry are encouraged to take action in order to put cybersecurity in the forefront where it belongs. If your company has no data protection policy to safeguard employees’ PII and that of your customers, the time to develop one is now. If your company doesn’t offer training, especially in the area of IT and data loss prevention, there are resources that are widely available to help.
The most important thing you can do, no matter what level of position you hold within your company, is to speak up about the need for awareness and education. Your information might be at stake, and the solid reputation of your company may be as well. Knowing how to prevent the loss or theft of sensitive data makes your workplace a safer environment and means your company’s bottom line will be less likely to take a hit due to a data breach.