Written by Ralph Metzner, FEI Director of Product Management

Cyber-attacks are in the news again as the presidential election has been repeatedly shaken up by email hacks and the subsequent leak of sensitive or damaging information.

As cyber-attacks grow in frequency and severity, it may be less surprising that these attacks occur than that organizations and individuals continue to behave as if such attacks were not a threat. While the list of lessons to be learned from these attacks is long and continues to expand, at least two “best practice” principles seem obvious in the context of planning for and responding to cyber-attacks:

  • Email communications should never be treated as secure, private or off-the-record; and
  • While the focus on information security is most often technical, the human consequences of these attacks are what organizations are least prepared for.

In the case of the recent politically motivated email hacks, individuals are being separated from their employment as a result of leaked information and remaining employees are likely stressed or traumatized by now public revelations. Unfortunately, this pattern is one we have observed and experienced in the wake of many high-profile hacks. While the potential for damage to a company’s reputation or brand is obvious, the “ripple-effect” of these incidents on employee morale and productivity is only apparent in the wake of an actual attack.

For those of us involved in managing organizations through times of crisis, it is worth remembering that—far from the headlines—there is a real human cost to these attacks and we must plan accordingly. People resources should be at least as resilient as information infrastructure, and while most organizations have a plan in place to defend their data, managing the human aspect of cyber-attacks is often an afterthought.

It’s time to put people first and plan for the human element of cyber-attacks before they happen.