No matter your line of work, you probably begin your day by checking your email on your phone. Even if your employer has a policy of having employers not check email until they get to the office, you probably have enough confidential information related to your identity and finances stored on your computers and mobile devices, at home and at work. If hackers steal one person’s data from a personal cell phone or computer, it is devastating to the owner of the device, but if hackers gain access to the data on the computer in a human resources office of a company, then hundreds of employees experience that same disruption. The Alabama data breach lawyers at HKM Employment Attorneys LLP can help employers and employees recover from breaches of employees’ confidential data.
Why Workplace Data Breaches are So Scary
If you work for a company that has more than a few employees, it probably uses business software that includes an employee portal where employees can update and access their personal information. The documents in the portal include your tax forms, pay information, and insurance information. If someone illegally gained access to it, they could easily steal your identity. For example, your employer has your social security number so that they can withhold taxes for you. Likewise, if you receive your paycheck by direct deposit, then your employer has your bank account information stored.
A breach of the data of a company’s human resources department could cause hundreds or employees to become victims of identity theft, or even more in the case of a very large company. Business email compromise scams specifically target large companies, with scammers attempting to steal the identities of employees and clients whose information is stored on the company’s computers. A business email compromise scam is a type of phishing scam, and all it takes is one employee to fall for the scam before scammers gain access to volumes of confidential data.
How to Keep Work Emails and Other Confidential Information Safe From Data Breaches
Whether at home or at work, your caution can help protect your data and that of your co-workers from data breaches. Here are some things that you can do to protect your data, no matter your role in your company:
- Create secure passwords for all password-protected areas of your company’s sites. Do not use any combination of letters that Google would recognize as real English words; intentionally misspell words or combine words from different languages in a phrase. If you are in the company’s IT department, set minimum requirements for password strength, and require employees to use different passwords to gain access to different content, for example, one password for work email and another one for the employee portal. Require employees to change their passwords every three months.
- The company’s email and other online systems should require two-factor authentication, where employees must respond to a message on their phones verifying the login when they log in on their computers.
- Do not respond to emails that ask you to enter your email password, even if the email appears to originate from your company’s IT department. If an email asks for your password, the chances are very high that it is a phishing scam.
- Do not enter your credit card number, bank account information, or social security number anywhere online except on secure sites, the identity of which you can verify.
- Do not store passwords on your device; if you do, then anyone who uses your device can access your data.
- Do not open email attachments unless the sender is someone with whom you regularly communicate and unless the body text of the email refers directly to the attachment and describes its contents. (For example, you can open an attachment from an administrative assistant in your company if the body text says, “Please find attached the minutes of yesterday’s meeting.”)
What Employers and Employees Should Do if Data Gets Stolen
If your data gets stolen, you should notify the entities with whom the data thieves might try to misuse your identifying information. For example, notify your bank and credit card company not to authorize transactions made with your account after the day the breach occurred. Notify law enforcement of the identity theft, too. If you think the data breach happened through your work email, then notify the human resources and information technology departments in your company. It is also never too soon to contact an Alabama workplace data breach lawyer.
HKM Employment Attorneys LLP Helps Victims of Workplace Data Breaches
When large numbers of employees get their data stolen when their employer suffers a large-scale data breach because of a business email scam, the employees may be able to recover damages for the money they lost as a result of the identity theft. They can do this by filing a class action lawsuit. HKM Employment Attorneys LLP has successfully litigated several class action lawsuits in which they represented employees who fell victim to identity theft after scammers breached the company’s data. In a 2016 case, HKM Employment Attorneys LLP represented 800 employees in a lawsuit against their employer, a pharmacy which did not take sufficient measures to protect the employees’ data. In another case that same year, HKM Employment Attorneys LLP represented 1,500 people whose data got stolen when a cyber attack targeted a real estate investment company. In this case, HKM Employment Attorneys LLP persuaded the court that the company had not exercised reasonable caution by using available technologies to keep the systems that held employees’ and clients’ sensitive data safe from hacking.
Contact an Alabama Data Breach Lawyer
Alabama’s economy is growing, thanks to businesses adopting new technologies, but leaving your company vulnerable to data breaches can cause enormous financial losses for you, your employees, and your clients. An Alabama data breach lawyer can help you prevent data breaches or mitigate the damage if a breach has already occurred. Contact the Alabama data breach lawyers at HKM Employment Attorneys LLP to set up a consultation.