Enterprise Use Cases for External Data Privacy: Part I

Executive Takeaways

• External Data Privacy (EDP) is a unique data privacy solution that addresses business and security problems by removing exposed employee personally identifiable information (PII).
• To effectively defend against data breaches, it’s vital to integrate traditional cybersecurity measures with a solution that reduces PII exposure.
• Privacy Bee’s platform proactively mitigates data breach risk by identifying and eliminating instances of employee PII exposure and monitoring the EDP practices of third-party vendors and business partners.
• Privacy Bee’s platform serves as a legitimate poaching defense while concurrently shrinking the attack surface.

The effects of a laissez-faire attitude toward personal information have become all too apparent. External Data Privacy (EDP) has become an essential business service as a result.

Consider: cybercrime is expected to cost $10.5 trillion annually by 2025 [1].

While exposed PII may not be the primary cause for this exorbitant cost, it does factor in.

Why?

One must consider the value of employee PII to an attacker. Exposed PII is a critical resource for attackers in at least two ways.

First, publicly available employee PII enables the threat actor to find and contact exposed targets. A simple Google search, now filled with People Search Sites containing loads of personal information, is often all the attacker needs.

Second, employee PII allows attackers to craft more effective attack methods (e.g., spear phishing). In the past few years, spear phishing and social engineering attacks have become the go-to means of attack. This fact is problematic, as these attacks bypass technical controls, including cybersecurity.

Therefore, an EDP solution capable of scanning, removing, and monitoring external PII has become a critical need.

Besides adding a layer of protection against attacks, EDP brings several competitive advantages, which we discuss in more detail.

To begin, let us clarify the concept of EDP.

What is External Data Privacy (EDP)?

EDP is a unique privacy solution that addresses business and security problems caused by exposed employee PII. It accomplishes this by scanning, removing, and monitoring external employee PII across the web.

EDP and the Attack Surface

“External data” is personal employee information outside an organization’s technical infrastructure. This external data broaden an organization’s attack surface by exploiting the most vulnerable security element: people.

Moreover, many orgs broaden their attack surface via data-sharing with third-party vendors and other partners that do not have acceptable EDP practices. For this reason, it is essential to integrate Vendor Risk Management (VRM) capabilities into an EDP solution.

The Costs of Ignoring EDP

Ignoring EDP costs businesses in several ways, including:

• Increased risk of data breaches and other cyberattacks
• Increased risk of lateral attacks on partners and vendors
• Employee churn
• Productivity loss
• Poor brand image
• Loss of customer trust
• Loss of stakeholder confidence

Now that we’ve discussed the potential consequences of poor data privacy practices, let’s explore a couple of use cases.

Two Potent EDP Use Cases

There are several potential use cases for EDP. In the first of this article series, we focus on the following two:

• Data Breach Defense: EDP mitigates data breach risk by reducing or eliminating the external PII often used to locate targets and craft convincing attacks.
• Poaching Defense: EDP increases employee retention by removing employee PII, an increasingly critical resource for recruiters.

Use Case #1: Data Breach Defense

Business Problem

Data breaches are a severe problem for businesses, with an increasing number of records being stolen yearly. According to a report by IBM Security, data breaches are more expensive than ever, costing an average of $9.5 million in the United States alone [2].

To combat this threat, businesses must find ways to reduce the amount of employee personally identifiable information (PII) that is exposed.

Proposed Solution

Privacy Bee offers a proactive solution to identify and eliminate instances of employee PII exposure, reducing the risk of data breaches. The platform provides a free, exhaustive scan that identifies exposed PII across the internet and dark web, including the databases of over 350 Data Brokers and People Search Sites.

The scan identifies over 117,000 indexed companies with access to employee information, and lets employees set privacy preferences, including the option to delete their information.

The platform then provides businesses an aggregate Privacy Risk Score (PRS), summarizing their risk status in a simple, easy-to-understand metric. To help enterprises remove exposed PII, the platform guides them through simple steps to reduce the business threat surface and its PRS. Privacy Bee also provides thousands of free step-by-step DIY guides to help users remove exposed data from Data Brokers and People Search Sites.

Benefits

Privacy Bee’s comprehensive solution helps businesses address a gap in modern data breach defenses. By integrating the solution that accounts for exposed PII, companies can strengthen their data breach defenses via a powerful yet accessible EDP platform.

The platform also offers a free Vendor Risk Management (VRM) app that monitors the EDP practices of third-party vendors, enabling procurement departments to select vendors while the app begins immediately monitoring EDP risk.

Some tools the business is given to help monitor and measure vendor EDP risk include privacy risk scores, rich analytics, risk tolerance thresholds, and department-level risk assessments.

Use Case #2: Poaching Defense

Business Problem

As the labor market tightens and top talent becomes increasingly difficult to retain, enterprises face the challenge of fending off aggressive recruiting efforts. With labor economists predicting a continued contraction in the labor market until at least 2030 [3], the costs associated with replacing and training new employees have further incentivized recruiters to find new talent.

The demand for recruiting agency services has led to a more competitive recruiting sector, fueling the “war for talent.” However, this war has also resulted in feelings of desperation and greed among recruiters, leading to increasing recruiter harassment and spam.

Proposed Solution

Privacy Bee’s EDP solution scans for, removes, and monitors employee PII across hundreds of Data Brokers and People Search Sites.

Additionally, employees can set their privacy preferences for over 117,000 companies, including the option to request that companies remove their data. In this way, Privacy Bee’s platform shrinks the business threat surface and enhances its poach defenses.

Benefits

Privacy Bee offers a simple but accurate quantitative measure to assess the efficacy of its platform: a Privacy Risk Score (PRS). Upon an initial scan for employee PII exposures, Privacy Bee’s proprietary algorithms calculate a PRS that businesses can use to gauge their threat surface and poach defense capabilities.

Case Study

In an early case study measuring the poaching defense impact of its solution, a private healthcare company’s retention rate increased from 62% to 89% in just one year. Additionally, the company saved an estimated $15,000 in lost productivity [4].

References

[1] Cybersecurity Ventures. (2020). Cybercrime to Cost the World $10.5 Trillion Annually By 2025. Retrieved from https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

[2] IBM. (2022). Cost of a Data Breach. Retrieved from https://www.ibm.com/reports/data-breach

[3] US Bureau of Labor Statistics. (2021) EMPLOYMENT PROJECTIONS—2021-2031. Retrieved from https://www.bls.gov/news.release/pdf/ecopro.pdf

[4] Privacy Bee Business. (2023). Employee Poaching, Churn, and External Data Privacy—How to Mount an Innovative Poaching Defense. Retrieved from https://business.privacybee.com/resource-center/employee-poaching-churn-and-external-data-privacy/