Andrea Babbs is bringing HR up to date with the world of 21st century cybersecurity.
A majority of organisations were unprepared for the consequences of the pandemic, forcing employees to work from home and having to adjust to frequently changing lockdown restrictions. The role of human resources teams has been critical in deploying these changes and supporting workforces through these transitions.
However, research reveals that during May and June 2020, UK businesses lost over £6.2 million to cyber scams – with a 31% increase in cases. Cybersecurity must not fall down HR teams’ priority lists, and should be underpinned by a cyber aware culture, with supporting digital technologies.
Controlling remote workforces
From managing teams in the office to staff now being remote, HR managers have additional responsibilities and challenges on their hands. With many working on their personal devices, with a lack of antivirus software and home-life distractions, it’s inevitable that mistakes will occur. As innovative attackers continue to target uneducated employees, the issues of preserving security are clear.
It was recently found that 58% of businesses believed that working from home has made employees more likely to circumvent security protocols – for example, failing to change passwords.
58% of businesses believed that working from home has made employees more likely to circumvent security protocols
Other problems that could emerge include employees browsing on inappropriate websites, which must be controlled appropriately by restricting access to unauthorised links. By deploying the right security solutions across all employees’ devices, HR teams can alleviate these threats.
Abiding by GDPR
From health and financial records to CVs for prospective and current employees, the private information handled by HR teams is a gold mine for cyber hackers. Moreover, HR teams must abide by GDPR, and ensure that the personal data they look after is secure and confidential.
The newest GDPR data breach survey found there was a 19% increase in the number of breach notifications, with 331 data breach notifications each day across Europe. And the effects of such violations could be detrimental, with fines up to 2% of an organisation’s global turnover.
The main communication channel for workforces to send and share sensitive information is via email, which can be an open door to cyberattacks, with one in every 3,722 emails in the UK being a phishing attempt.
Employees often fail to remember to check they are sending an email to the right person, or that it has the right attachment, which could be because of increasing pressure to work harder and faster, especially when working from home. But by deploying digital security solutions, they can offer a critical alert for the user to validate their message before it’s sent.
The danger of phishing emails
Cyber attackers are continuing to take advantage of COVID-19, playing upon employees’ weaknesses through social engineering techniques by sending cleverly designed spoofing emails or malicious attachments.
Often, HR email addresses are made publicly available for job applications, which presents an opportunity for a phishing attack, such as when employees have been asked to attend a Zoom call with their HR department, which is a way for cyber attackers to gain access to corporate email login credentials.
To prevent teams falling victim to these dangerous links and make them more aware of existing threats, digital technology can prompt users to check that their email is correct before sending it. These tools can also call attention to any potential phishing emails which may look suspicious, and prevent domain spoofing.
Additionally, email encryption and tamper-proof email archiving solutions can help to ensure that confidential information is sent securely, as well as these communications being locked away in a safe place. Such emails are stored in the archive for later retrieval, but in the meantime, are safe from deletion or editing.
Above all, users themselves are often the number one gateway for cyber attacks. Human error has been the biggest cybersecurity challenge during the pandemic, according to CISOs. This emphasises the importance of human resources teams to fortify the need for a strong cyber aware culture throughout the workforce.
By deploying security awareness training programmes, teams can understand the role they play in keeping business information safe, how to prevent an attack and what to look out for when sending and receiving emails.
HR teams must consider the strengths and weaknesses of their workforces in order to choose the right programme to meet their needs. They must also think about the regularity of the training, how engaging the training is and whether there are any analytics or reporting available to highlight improvements over time.
As well as utilising training for their employees, HR teams should also receive their own regular training, which covers the reputational, financial and legal dangers that come with cyber attacks.
By having an educated and aware workforce across the business, there is less reliance on IT teams to keep personal data safe, and more responsibility towards employees to work together and create a secure culture.
The future of the workplace has changed due to COVID-19, presenting both new opportunities and challenges to HR teams. As the number of cyberattacks continues to increase, cybersecurity must remain a priority, and it is the responsibility of HR to ensure that the right tools and education is available to workforces.
A layered approach is essential in the modern threat landscape of today, but more importantly, having employees who are proactive and aware to keep business information secure and out of the hands of attackers.
About the author
Andrea Babbs is UK general manager, VIPRE SafeSend