Dive Brief:
- Data security typically falls to the IT department, but with the rise in internally driven data theft and breaches, IT and HR need to get their heads together to create a truly effective data security front, according to CSO.
- One example mentioned by CSO is the breach the Federal Deposit Insurance Corporation (FDIC) experienced when an employee leaving the organization mistakenly downloaded 44,000 customer records, including personally identifiable information (PII), to a USB thumb drive.
- Also, CSO writer Taylor Armstrong cites a Wall Street Journal article that reported the FDIC has reported seven such breaches within the past eight months – each one done by departing employees, potentially compromising the PII of 160,000 Americans.
Dive Insight:
Whether or not more collaboration between IT and HR would have stopped the FDIC and other incidents is not clear, but Joseph Loomis, founder and CEO of CyberSponse, told CSO that it is, “always good practice to have a strong connection between IT and HR.”
Tracking employees' comings and goings falls to HR, he said, adding that “Anytime there is human behavior involved, HR should also be involved."
Charles Choe, product marketing manager for Guidance Software, told CSO that HR must notify IT when employees are leaving, no matter what the circumstances, so those employees can be closely monitored. “It is also HR’s responsibility to properly educate employees that any work produced during employment legally belongs to the organization, and not the individual, at least in the United States,” Choe told CSO.
