Kalles/Group Articles

Why you should work for a company that cares about information security

Not a month goes by these days without hearing in the news about a high-profile hack attack of a major national brand. As an employee why should you care about working for a company that invests in information security?

Information is the heart of any organization, and yet each year, companies stand to lose millions due to data breaches. Minimizing these threats helps companies stay competitive and protects valuable information from getting into the wrong hands.

As an employee, you should care about the well-being of your company’s security. When researching jobs, look for a company that:

1. Educates its employees
2. Protects its employees’ data
3. Has a good reputation
4. Protects its corporate assets

Educating employees

One of the biggest IT security risks for a company comes from its own employees. More than 60% of external attacks target employees via social engineering. Hackers are opportunistic and exploit activities such as unexpected communication via email and social media.

The latest security technology may protect core systems, but it cannot protect against employees giving away information on social networks or using their own, less secure, mobile devices for business purposes.

“It is a myth that technology will protect you,” says Tony Dyhouse, cybersecurity director at the UK Technology Strategy Board’s ICT Knowledge Transfer Network. “Those who attack us have no wish to spend a lot of time and money defeating our technology. They attack the user, which is much easier.”

A company that creates a culture of security awareness via employee training and, more importantly, that influences their employees’ behavior around security issues, will be better able to weather any security breaches.

Protecting employees’ data

Something that often goes unnoticed is the effort businesses go through to protect employees’ personal information. Promoting data security in the workplace may be one of the most important (and most taken for granted) ways companies show they care.

The loss of company data can have extreme impacts on employees, especially if their personal information is included in what was lost. This information can include physical addresses, bank account information, and social security data. In the wrong hands all of these details can destroy an employee’s personal finances and credit for years to come.

Many companies have lost significant profits and customer trust as a result of data breaches. This can impact employees even more, especially if this drop in business leads to layoffs.

A company that takes steps to protect against a data breach significantly safeguards its employees.

Having a good reputation

Cyber threats have become an increasing concern for companies across the globe. Data breaches can cause high reputational as well as financial damage.

Once a company’s name becomes associated with questionable data security, the setbacks start to kick in. For example, CSO reported that a study by Semafone found that of 2,000 survey participants nearly 87 percent would not (or were not very likely to) do business with a company that had faced a data breach involving credit or debit card information.

“These figures serve to underline what we should already know – that the reputational damage suffered by companies who fail to protect personal data can translate directly into a loss of business,” said CEO of Semafone Tim Critchley.

And the losses go beyond lost sales. Businesses are also forced to spend hefty funds on improved security measures by way of consultants, security vendors and test runs, fees for lawyers, pending lawsuits, and the payment of fines from data protection authorities.

Experian conducted a survey called “Reputation Impact of a Data Breach” and the numbers were daunting. Of the companies surveyed, the average loss to the value of a brand ranged from $184 million to $332 million, depending upon the type of information that was compromised. The decrease in value was not the only worry cited in this survey. Participants were also concerned with the time span required for recovery of brand image – some respondents estimated it would take longer than a year.

A company that earns and maintains a strong reputation in regards to their information security prospers more than those who have a poor standing.

Protecting corporate assets

Perhaps even more valuable than the physical assets of a company are the ideas and data that help keep organizations competitive and efficient. These assets can include new designs from engineering, proprietary production methods and procedures, sensitive company financial data, customer contact information, and employee records. Any piece of information that is beneficial to the organization is an asset. Likewise, any sensitive data that would cause damage to the organization if seen by outside entities should be considered as assets worthy of protection.

Recently, Apple announced its bug bounty program, whereby it will start paying hackers up to $200,000 for reporting vulnerabilities in its products, says the Wall Street Journal’s Robert McMillan. With its new “security bounty,” the company joins a growing list of technology companies that pay cash for valuable security information. Microsoft Corp., Google parent Alphabet Inc., and Facebook Inc. have paid out millions of dollars in bug bounties over the past few years.

A company that prioritizes protecting its corporate assets shows that it values its information, ideas, and data, and will be well-positioned to endure any security attacks.

In short, protecting data is a serious concern for all companies, so it’s imperative when on the job search to seek out companies that place a strong emphasis on information security.