Ten years ago, an average employee had to go to the same workplace every day and be connected via the same on-premise system, but today, the situation is much different. People can work from anywhere, they can bring their own mobile devices and access secure company data using cloud-based applications. While the new technology has made employees’ lives easier, it has also opened the doors to a number of cybersecurity threats. Security breaches are pretty expensive and in most cases destructive for all companies, both big and small. According to a 2015 Ponemon Institute study, cybercrime costs the world economy around 100 billion dollars every year.
The Inside Threat
But data breaches are not as much technology risks as they are cultural risks because most of the data breaches come from inside the organization. You may also be surprised to know that nearly 60% of employees steal classified data after they quit (according to the research conducted by Symantec). However, a bigger threat may come from the well-intentioned employees who regularly make such mistakes as using private email accounts to access corporate data and accidentally sharing classified files on social media. A recent IBM study discovered that more than 20% of breaches can be attributed to careless employee oversights. Thankfully, the HR department has the right skills and insights to diminish all of these potential threats.
The Role of HR
Now, given that so many security problems can emerge due to the actions of the employees, HR departments alongside IT teams can play a vital role in the fight against cybercrime in the office. In most cases, the data HR managers' work is most vulnerable to attacks because these records contain some of the most private information about the workers– everything from social security numbers to home addresses and credit card information. Because of this, it is crucial that every single worker in the HR department has a complete understanding of how to safeguard this data.
The Threat of Social Engineering
Before you even start to develop a defense strategy, you need to recognize the potential cybersecurity threats. Since we have already established that people are usually the weakest link in the security chain, it should not be surprising why psychological manipulation of employees is so common. In the context of data security, social engineering refers to the manipulation of workers into divulging classified information. While these attacks are nothing new, they are not going anywhere – for instance, just last year USA Today reported that a cybercrime ring managed to steal over $1 billion from more than 100 banks in 30 different countries over the course of two years. These particular cyber criminals used the spear phishing technique to target bank employees – this method is by far the most successful hacking tactic today, and it accounts for more than 90% of all cyber-attacks.
Prevention Tips
- Employees have to be careful about password management – according to SplashData, “123456” and “password” are still the two most popular passwords – so the workers need to start creating stronger passwords, change them on a regular basis and if needed, use some type of password management system.
- Training all of the staff on security protocols is probably the most effective role an HR professional can play. This is particularly important when it comes to the new employees that just joined the company.
- Since a huge chunk of company data is probably stored online in a cloud-based scheduling app, you need to make sure that your staff uses only the most secure employee scheduling software.
- The HR department has to be responsible for stressing the legal consequences for the workers that do not comply with the security guidelines.
Conclusion
We have to face the facts– the threat of cybersecurity will never be completely eliminated. However, HR departments across the industry have a chance to restrain these risks through extensive collaboration with the IT department and effective employee management. After all, the numerous studies we looked at show that the biggest threat to any organization is seemingly its own workforce.
