Companies have HR departments that are responsible for storing confidential information such as an individual’s social security number, payroll information, health information as well as employment history.
Because of enormous amount of sensitive data collected on individuals, HR departments opt to store data in a digital format, thus, making it susceptible to cyber-threats. Furthermore, since HR departments receive more email that any other department in a company, they are even more vulnerable to such threats. One of the most challenging form of cyber-attacks that HR departments face today is ransomware.
Ransomware is a type of malware that encrypts data and restricts access to a computer system. Often malware is sent through an email in the disguise of a resume or cover letter. When the email is opened, then the malware infects the computer and the entire network. The next time a user tries to gain access to the computer system, he or she is required to pay a monetary ransom in the form of Bitcoin to remove the restriction. WannaCry is one commonly known name for the recent ransomware attack that affected many companies.
Ransomware not only steals an individual’s personal information, but it damages a company’s reputation and financial status as well. The good news is that there are steps that HR departments can take to prevent ransomware attacks.
Basic Security Measures
It is imperative that HR departments work closely with the IT department to implement strong web filters and spam controls as a basic security measure. Next, the IT department should have Endpoint analytical tools to immediately detect, quarantine and shut down ransomware invasions.
Finally, always have a working data backup plan that is not connected to the company’s network so data cannot be infected.
Latest Operating and Software System
The IT department should make sure that the company’s operating system and software is up-to-date. It is extremely important that security updates are installed on all machines as they are released to protect all computers on the network.
If the company uses Microsoft Office software, it is recommended that macros are turned off. In addition, remove plugins if using Adobe Flash, Adobe Reader, Java or Silverlight since these plugins can run a risk of having embedded malware attached to them upon installation.
It is essential for companies to train employees on their information security policies. Employees must understand that technology alone is not enough to protect sensitive data and that there are cybersecurity threats that can bombard them.
Employees need regular training sessions in learning how to use technology as well have an understanding that technology is not always foolproof. There should be employees training in the do’s and don’ts of data protection. Since HR employees receive numerous emails daily, they need to know what types of files are safe to open.
Finally, employees need to know how to respond, and to whom they should report a cyber threat if the unthinkable happens.
Network Segmentation and Separate Work Stations
The IT department needs to ensure that the company’s most sensitive data is not stored all on one network. This is done through network and database segmentation. A restriction should be in place where only certain authorized individuals can access sensitive information. For example, make one person the administrator for the system.
The administrator should only log into the system as absolutely deemed necessary and use a regular account for everyday use. Furthermore, the IT department should assign dedicated workstations to employees responsible for reviewing resumes and monitor workstation usage.
To ensure the validity of the company’s security, it is a good idea to hire an outside firm to test the vulnerability of its IT security. By hiring an outside firm, the company can understand where hackers can possibly penetrate the system, and take necessary steps to make data more secure.
To conclude, HR departments have access to massive amounts of sensitive data and the employees are typically not very well educated in knowing how to protect themselves from data breaches. Therefore, they are an easy and lucrative target for hackers.
It is easy to see why HR departments are prone to such cyber-attacks. However, when the HR staff works more closely with the IT department, preventive steps can be taken to reduce ransomware attacks. Precautionary steps such as implementing basic security measures, installing the latest operating system and software, setting up network segmentations and dedicated workstations, training employees and having outside testing to check for security breaches can save a company’s reputation and financial status.
About the Author:
Josh McAllister is a freelance technology journalist with years of experience in the IT sector, and independent business consultant. He is passionate about helping small business owners understand how technology can save them time and money.