
DOL Is Now Concerned About Internal Breaches: Should You Be Concerned?

The U.S. Department of Labor (DOL) recently updated its cybersecurity guidance to cover all Employee Retirement Income Security Act (ERISA) employee benefit plans. https://www.dol.gov/agencies/ebsa/key-topics/retirement-benefits/cybersecurity/compliance-assistance-release-2024-01

One concern is disgruntled employees. Disgruntled employees pose a significant cybersecurity risk as they may misuse their access to company systems. According to the Verizon 2022 Data Breach Investigations Report, internal threats account for 20 percent of security threats.

Common motivations behind internal threats (which would include employees and former employees) include revenge, financial gain, or dissatisfaction with the organization. https://www.plansponsor.com/insider-threats-are-disgruntled-employees-a-cybersecurity-risk/ (Oct. 01, 2024).

Commentary

The DOL's concern is that a disgruntled employee would abuse their access to take personal identifiers from ERISA plan participants.

However, other risks include employees accessing employee records, including health, payroll, and financial records.

Quoting from the above-cited source:

… certain employees, such as those in human resources, information technology or treasury, may have access to plan information or other personally identifiable information.

Executives, managers, and anyone with access to employee records also pose a potential risk.

Steps organizations can take to prevent internal threats include conducting regular audits and employing advanced monitoring tools to detect suspicious activities early.

Additional steps to consider include:

  • Limit access
  • Control access
  • Monitor employee behavior
  • Cut off credentials prior to a termination or layoff
  • Foster a positive work environment