Many employee data leaks aren't being reported

An abstract image of a database
(Image credit: Image Credit: Pixabay)

Employee data is stolen and leaked as often as customer data, but these incidents are less frequently reported, a new report from Kaspersky has found.

Its Employee Wellbeing 2021 report says businesses “regularly” face employee data leakage, but almost half (45%) of them prefer not to disclose these events to the public.

The problem is two-fold, the report seems to be suggesting, as both companies, and their employees, have a big role to play. Almost all of the incidents (85%) that result in data leakage, are tied to “the human factor”. In other words, to employees and employers making the wrong calls.

Employee role

From the business side of things, Kaspersky hints, there are two things they can do - provide complete security of their workers’ data (something only a third is able to do right now), and provide employees with cybersecurity training and knowledge on how to protect themselves from malware and other threats - something only 44% of businesses are doing, at the moment. 

Employees, on the other hand, need to understand the vital role they play in every organization’s cybersecurity chain, and behave accordingly, especially when it comes to safeguarding the endpoints they use. 

Crisis communication

Organizations keeping employee data leakage a secret “is a sign that the problem is bigger than it seems”, Kaspersky concludes, adding that among the rest, fewer than half shared the information about the incident proactively. In fact, 12% did so only after it had already been leaked to the media. 

“This shows that this type of leak is the least frequently disclosed, compared to corporate or customer data breaches,” the report claims. At the same time, employee data is a popular target among malicious actors, being surpassed only by customers’ personally identifiable data. 

Properly communicating in a time of crisis can minimize the potential reputational damage and mitigate financial losses, says Evgeniya Naumova, Executive Vice President, Corporate Business, at Kaspersky. That’s why organizations should develop a clear crisis plan, and make sure employees are trained in advance. 

“Corporate communications professionals and IT security teams should collaborate to exchange information on cybersecurity insights and determine guides, tools, channels, and language that might be helpful to accurately handle both internal and external communications in case of an emergency,” Naumova added.

You might also want to check out our list of the best firewall tools out there

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.