Cyberattacks: HR’s Role in Data Security
We recently reached the one-year mark since the World Health Organization officially declared COVID-19 a global pandemic. Many of us were ushered out of the office and began our (for many, ongoing) work-from-home routine. With more employees working remotely, there has been an exponential increase in reliance on technology. From cloud sharing to video calls, our computers have officially become the most important work tool we have. As such, it is now more important than ever to pay attention to data security and place risk management on your to-do list, if you have not already.
What Are the Potential Dangers
When someone mentions security breaches, it’s easy to first visualize hackers like Neo from The Matrix. However, cybersecurity issues in real life are not always theatrical. They can nonetheless cause your organization major financial and emotional distress. It is estimated that 95% of cybersecurity breaches are a result of human error, with examples including:
- Losing laptops and USB drives
- Not reporting to HR when there is a security concern
- Using a work laptop for personal activities
- Using public networks for work
- Reusing the same passwords and not updating them frequently
Cybercriminals tend to target the weakest links in your organization. These include new employees and those who may not be as adept with technology. But how do these human errors translate to cybersecurity breaches?
Common Types of Security Breaches
One morning many months ago, half an hour before work was supposed to start for me, I received an email from my “CEO”. The email was titled “URGENT” and asked me to send him my mobile number to “complete a quick task”. However, the first thing that stood out to me was that the email did not have our usual company email signature. When I looked more closely, I realized that although the contact name was the name of my CEO, the email address was something completely different and completely off. This is what is called a phishing scam, one of the most common cyberattacks amongst many others:
- Phishing: Emails that appear to come from a trusted source are sent in order to obtain personal information. These emails usually include an attached file or a link to an illegitimate website that tricks you into revealing personal information and/or downloading malware.
- Malware: Short for malicious software, malware is often downloaded without your knowledge. It can steal, encrypt, or delete sensitive information on your system. It can also alter system functions without your consent and infect your system.
- Man-in-the-Middle Attack (MITM): An attacker intercepts a conversation between two parties who believe they are communicating directly with each other. The attacker can then manipulate, filter, and steal information from the conversation.
- Distributed Denial-of-Service Attack (DDoS): A DDoS attack disrupts and overwhelms your system by flooding your network with requests. This leaves your system unable to fulfill legitimate requests and sets up a situation in which the attacker would extort your organization for money to remove the malware.
These are just a few examples of security breaches, and each type mentioned above can be broken down into more specific variants. Ultimately, these cyberattacks aim to extort sensitive data or disrupt your work in order to ask for monetary compensation. No matter the size of your organization, it is extremely important to prepare for these cyberattacks to prevent both monetary loss and emotional distress.
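The warning signs in the phishing email described above (the CEO's name on an unfamiliar address, an "URGENT" subject, no company signature) can be checked automatically. The Python code below is an added example, not part of the original article; the directory entry, signature line, keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: display name -> the only address that person sends from.
DIRECTORY = {"dana whitfield": "dana.whitfield@example.com"}
SIGNATURE_MARKER = "Example Corp | 100 Main St"  # hypothetical signature line
URGENCY_WORDS = ("urgent", "immediately", "quick task")

# Constructed sample: CEO's name, unrelated address, no signature.
SPOOFED = """\
From: Dana Whitfield <ceo.office2291@mail.example.net>
To: employee@example.com
Subject: URGENT

Send me your mobile number so I can complete a quick task.
"""

# Constructed sample: the same person writing from the directory address.
LEGIT = """\
From: Dana Whitfield <dana.whitfield@example.com>
To: employee@example.com
Subject: Q3 planning

Agenda attached.

Example Corp | 100 Main St
"""

def normalize(name):
    """Lower-case and collapse whitespace so 'Dana  Whitfield' still matches."""
    return " ".join(name.lower().split())

def assess(raw_message):
    """Return warning strings for one plain-text (single-part) message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    findings = []
    expected = DIRECTORY.get(normalize(display))
    if expected and address.lower() != expected:
        findings.append("known name on unexpected address: " + address)
    if any(w in (msg.get("Subject", "") + " " + body).lower() for w in URGENCY_WORDS):
        findings.append("urgency wording")
    if expected and SIGNATURE_MARKER not in body:
        findings.append("company signature missing")
    return findings

if __name__ == "__main__":
    print(assess(SPOOFED))
```

The name-versus-address mismatch is the strongest of the three signals; urgency wording and a missing signature also occur in legitimate mail and are best treated as supporting evidence.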
Start the Conversation
Contrary to popular belief, cyberattacks usually have little to do with mistakes from the IT department. Instead, hackers usually find loopholes through employees who are less aware of internet safety practices. As an HR manager, the first step you can take to prevent cyberattacks is to educate your employees about the potential threats. Take some time out of your inter-department meetings to raise awareness of this issue. If you have the time and resources, consider signing your employees up for a short course on internet safety and data protection!
Best Practices
On top of actively discussing potential cyberthreats, it is also important for your organization to be up-to-date with data protection practices. As the one who manages people, it is important to foster an environment that not only actively encourages data protection practices, but also provides the tools and platforms with which employees are able to follow them. Take some time and have a conversation with your IT and legal team to see what changes can be made for better data protection!
Risk Management Starts Now
As of 2020, the average cost of a data breach is estimated to be $3.86 million, a staggering number that will without a doubt have a detrimental effect on your organization. Don’t wait until it’s too late to start paying attention to potential cyberattack threats!