Prioritising Cybersecurity within HR Teams
April 3 2021 - The pandemic has forced businesses of all sizes to change processes overnight, transitioning employees to work from home and adhering to rapidly changing lockdown restrictions. Human Resources teams play a critical role in supporting and executing these changes across the organisation. However, cybersecurity must not fall down the HR team's priority list, with research revealing that during the peak of the pandemic, reported cases of cyber attacks increased by 31%. Andrea Babbs, UK General Manager, VIPRE SafeSend, explains that a layered approach to cybersecurity is vital, and more importantly, must be underpinned by a cyber aware culture.
The Risks of Remote Working
HR teams have new duties and challenges on their hands with the introduction of home working. With workforces dispersed, often working on personal devices with inadequate antivirus software installed, and subject to home-life distractions, mistakes are unavoidable. Additionally, the tactics hackers use are becoming more sophisticated, and uneducated users are increasingly being targeted.
As well as evident external security risks, new research found that more than half of businesses believed that working from home made employees more likely to circumvent security protocols - including failing to change passwords. Another internal issue that could arise from remote working is unprofessional website usage, which must be managed judiciously by blocking access to inappropriate links. By implementing the correct security tools across all employees' devices, HR teams can minimise these issues.
Keeping Confidential Data Safe
The sensitive data handled by HR teams, including health and financial records and CVs for prospective and current employers, is extremely valuable to cyber hackers. Due to the personal nature of this information, HR teams must comply with the General Data Protection Regulation (GDPR), but if this data is not kept secure the consequences could be devastating, with fines up to 2% of an organisation's global turnover. With the number of data breach notifications rising by 19% this year according to the latest GDPR data breach survey, data protection must be a priority for HR teams.
One in every 3,722 emails in the UK is a phishing attempt, and with email being the main communication channel to send and share personal information, this is an open door to cyber attacks. Because sending and receiving emails is so familiar, employees regularly forget to double-check that the recipient or attachment is correct before sending. However, by deploying innovative security solutions that flag potential mistakes before an individual clicks send, organisations can mitigate this high-risk area, while reinforcing compliance credentials.
Digital Security Solutions
As employees continue to work remotely from home, away from the trusted help of their IT teams, it's no surprise that attackers are using this to their advantage to gain access to business networks. This is often conducted through social engineering techniques, such as sending spoofed emails or malicious links to internal contacts. Additionally, the contact information for HR teams is often publicly available for recruitment purposes, which hackers can utilise for a phishing attack. For example, employees have been asked to attend an urgent Zoom meeting in an email that appears to come from their 'HR department', presenting a way for cyber attackers to gain access to corporate email login credentials.
Digital technology tools, including VIPRE's SafeSend, can help to prevent users from falling victim to a phishing email, for example by reminding them to double-check that their email is correct before clicking send. Such solutions can also support employees by making them more aware of existing threats, alerting them when an internal or external email may be malicious. Furthermore, email encryption and tamper-proof email archiving solutions can help ensure that classified material is distributed securely and that these communications are stored in a safe place.
An Educated Workforce
According to new research, 80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic - highlighting how employees themselves are often a critical gateway for cyber attacks. This demonstrates how vital consistent training and education are in building a strong cyber-aware culture throughout the workforce - it is often the role of Human Resources to put this in place.
Security Awareness Training programmes can help teams acknowledge the part they play in fending off an attack, what to be aware of when sending and receiving emails and how to keep business information safe. But in order to choose the correct programme to meet all staff needs, HR teams must contemplate the strengths and weaknesses of their workforce. They must also consider how consistent and engaging the training is, and how the outcomes of the programme are reported to demonstrate improvements throughout the course.
In addition to employee training programmes, HR teams themselves should also undergo monthly training which outlines the consequences of cyberattacks, such as the financial, legal and reputational damages. It is typically found that IT teams are expected to keep business data safe, but by having an educated workforce across the business, this responsibility can be shared - in turn, creating a secure and mindful culture.
COVID-19 has fundamentally changed the future of the workplace so HR teams need to adjust their security measures to suit the needs of the 'new normal.' With rising cases of cyberattacks, cybersecurity must remain a prime concern, and HR teams have a responsibility to ensure that the correct tools and training programmes are available to the workforce. A tiered approach to cybersecurity is necessary for today's modern threat landscape, but digital solutions cannot work effectively by themselves. The key is to have an aware and proactive workforce who understand the role they play in keeping business data safe.