How Employee Corporate Email Use Can Put Your Organization at Risk

Author: Morey Haber, CTO, BeyondTrust

 

As part of onboarding, new hires typically sign an employee handbook that includes policies and guidelines for acceptable information technology usage. Within the details are often policy restrictions regarding unacceptable usage of email. Typically, these policies state that email should only be used for official company business correspondence, and not for personal communications.

If you travel frequently for work, or are responsible for purchasing merchandise or services for your employer, is it acceptable to use your work email address, or should you use your personal email to complete the transaction?

This question, and the aftermath of your departure from an organization, can create a complicated situation and security risk that most employers are completely ignoring. And, unfortunately, they have no way to manage or mitigate the potential risk. Consider these real-life scenarios that organizations are facing today:

 

Scenario 1: Using corporate email accounts as login for travel services

An employee creates an account on an airline’s website using the corporate email address. This address is used for authentication into the service and to book flights or other travel arrangements.

Potential security implications

After their employment is finished, any notifications or future bookings for flights are tied to the suspended business email account. If your organization auto-forwards the email to a peer or a manager, then an identity theft threat vector has now been created. A co-worker now receiving the former employee’s emails can simply select “Forgot password” and own the former employee’s account. This is especially true if the account is not further protected by security questions or additional two-factor authentication. If verification is tied back to the same email address, then it is game over once they have a confirmation link.

Recommendation

The most security-conscious way to handle this scenario is for an organization to enforce the use of an approved corporate travel service for booking flights, hotels, cars, etc. in lieu of allowing employees to book travel on their own and using a corporate email account. If the business permits bookings outside of a corporate service, allow and recommend individuals to use their personal email accounts for booking travel—even if they pay with a corporate credit card. After all, it is their account.

 

Scenario 2: Email address formats

Most organizations have an email address schema. Typical formats include first initial last name or first name dot last name.

Potential security implications

What happens when an employee leaves the organization and a new employee starts with the same name or initial combination? The new employee potentially receives all email of the former employee even if it is not intended for them. Depending on the new employee’s role, the email may not be remotely appropriate for them to receive (such as when PII and financials are involved). Organizations that continue to grow will have a higher statistical likelihood of overlap for names and initials.

Recommendation

Organizations should never reuse email addresses from former employees for new personnel. Consider adding numbers like “01” to the end of new email addresses to avoid this problem in the future.
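One way a provisioning script could enforce this recommendation is sketched below as an added example, not code from the author or from any BeyondTrust product. The class and function names are hypothetical, `example.com` and the sample records are constructed, and the suffix format follows the “01” suggestion above.

```python
import re
import unicodedata


def _slug(part):
    """Lowercase, strip accents, keep letters only (O'Neil -> oneil)."""
    ascii_part = (
        unicodedata.normalize("NFKD", part).encode("ascii", "ignore").decode()
    )
    return re.sub(r"[^a-z]", "", ascii_part.lower())


# The two address schemas named in the scenario.
SCHEMAS = {
    "first_initial_last": lambda first, last: first[:1] + last,
    "first_dot_last": lambda first, last: first + "." + last,
}


class AddressRegistry:
    """Hypothetical registry of every address ever issued on one domain.

    Retired addresses stay in the registry forever, so mail meant for a
    former employee can never land in a new hire's mailbox.
    """

    def __init__(self, domain, schema="first_initial_last"):
        self.domain = domain.lower()
        self.make_local = SCHEMAS[schema]
        self.issued = {}  # local part -> "active" or "retired"

    def load(self, records):
        """Import (address, state) pairs, e.g. from a directory export."""
        for address, state in records:
            local, _, domain = address.lower().partition("@")
            if domain == self.domain:
                self.issued[local] = state

    def allocate(self, first, last):
        """Return a never-before-used address for a new employee."""
        f, l = _slug(first), _slug(last)
        if not f or not l:
            raise ValueError("name has no usable letters")
        base = self.make_local(f, l)
        candidate, n = base, 0
        # Active AND retired entries both block a candidate.
        while candidate in self.issued:
            n += 1
            candidate = f"{base}{n:02d}"
        self.issued[candidate] = "active"
        return f"{candidate}@{self.domain}"

    def retire(self, address):
        """Mark an address as retired at offboarding; it is never freed."""
        local = address.lower().partition("@")[0]
        if self.issued.get(local) != "active":
            raise KeyError(f"{address} is not an active address")
        self.issued[local] = "retired"


if __name__ == "__main__":
    registry = AddressRegistry("example.com")
    # Constructed sample data: one former and one current employee.
    registry.load([
        ("jsmith@example.com", "retired"),
        ("jsmith01@example.com", "active"),
    ])
    print(registry.allocate("Jane", "Smith"))
```
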

 

Scenario 3: Using corporate email accounts for payment gateways

Some organizations allow for the purchase of merchandise and services through common payment platforms, like PayPal or Apple Pay. These are necessary for some employees (such as marketing team members) to perform their job functions.  However, none of these platforms should be set up with a user’s corporate email address. If they need to use a business email address, create a group or alias for these services.

Potential security implications

Just as with the air travel example in the first scenario, a personal account used for services can be leveraged against the individual if they leave and have no access to change their email address.

Recommendation

For these types of situations, it is recommended to use a dedicated account name for authentication, as opposed to an email address. This option allows the account owner to change the email address, but does present additional risk if the account is shared. Former employees using shared accounts for payment services underscore the ongoing risk of inadequate privileged access controls and the threats of shared accounts.

 

Scenario 4: Using corporate accounts for personal email

Some employees use personal email for group-based personal correspondence, such as for their children’s school.

Potential security implications

Once an employee departs the organization, the receiver of forwarded email is now potentially exposed to highly personal information, and potentially in violation of some local regulations.

Recommendation

Corporate email addresses should always remain strictly delegated to business usage—and never for personal communications. The results can present some interesting legal ramifications, especially if removal of the address from a group is not trivial.

 

Today, the boundaries of work and personal spheres continue to blend and blur—providing benefits (work flexibility, higher productivity, etc.) for both employers and employees—but not without cyber risks. Completely strict policies of corporate email usage will only introduce more risk as employee turnover occurs and our dependence on electronic communication continues.

Organizations have embraced policies like Bring Your Own Device (BYOD) for mobile device support and should consider allowing personal email addresses for exactly the same reasons. Acceptable email usage policies need to clearly state when personal usage is acceptable, when it should be implemented, and when it creates unnecessary risk due to employee termination.

 

About the author:


With more than 20 years of IT industry experience and author of Privileged Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology for both vulnerability and privileged access management solutions. In 2004, Mr. Haber joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Mr. Haber began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science in Electrical Engineering from the State University of New York at Stony Brook.


How New Tech Is Revolutionizing HR

Human Resources is often looked upon as a sort of necessary evil in every business. But that couldn’t be further from the truth, as cutting-edge technology is helping HR departments in companies of all sizes evolve into a field that is equally relevant and innovative.

Tech including artificial intelligence (AI) and blockchain is helping to streamline HR processes, while cybersecurity is taking the front seat where company data and privacy are concerned. Here’s what you need to know about how an HR department can harness the power of new tech to change its influence and impact within companies, and by extension its reputation as a whole.

The Role of Cybersecurity

A big part of the job in HR is keeping employee personal data secure. In our digital age, it’s easier than ever for cyberthieves to hack into data systems. That’s where cybersecurity comes into play.

As an HR professional, it’s your job to hire individuals who are educated in the latest technologies and equipped to protect the organizations they work for. This can be especially challenging if you have staff members working remotely.

Remote workers are increasingly becoming the norm rather than the exception, with more than 40 percent of workers reporting that they perform some remote duties. As an HR rep, it’s your job to clarify policies and provide resources for remote employees so that they understand how to protect themselves, as well as company data, while working remotely. It’s also your job to anticipate and identify potential security issues before they turn into a major problem.

Your company may even consider putting together a cybersecurity team to address today’s security needs. A cybersecurity team is made up of individuals who are trained in information sciences and cybersecurity. Typically, those professionals are up-to-date on the latest equipment and technologies in order to effectively perform their duties.

Some companies are taking the cybersecurity hiring process even further by designing and building a cybersecurity control room. This move highlights the vital role a cybersecurity team plays in day-to-day operations. HR professionals should work closely with their cybersecurity team in order to answer any question that may arise.

AI and HR Analytics

AI has been changing the way we work for several years, but we’re only starting to see how it can help streamline the field of HR. The technology is meant to work in tandem with human processes, effectively doing three things:

  • Amplifying human function
  • Automating tasks
  • Augmenting human capabilities

AI use in HR starts with the hiring process. Automated software can help narrow down candidates without bias, based on information provided by potential hires. This is where amplifying comes in, as automated screening amps up the capabilities of HR professionals.

With AI, corporate training and payroll are augmented and automated. The use of AI reduces the chance of human error and keeps HR reps accountable for the data collected and processed. AI also allows for better tracking and accountability of remote workers.

Utilizing AI is a smart move for every business since the technology is becoming so ubiquitous. According to Personnel Today, nearly 40 percent of businesses were already using AI in some form as of 2017. A further 62 percent said that they expected to adopt AI into their business model in the near future.

Bitcoin, Blockchain, and Beyond

Payroll is an intrinsic part of the job for many HR professionals. And in today’s landscape of digital payments and other currency forms, payroll may seem more complicated than it has in the past.

If your business has remote workers on your payroll, chances are some of them are part of the emerging bitcoin and blockchain revolution. But what does that mean for you? Put simply, bitcoin is a form of digital currency, and a blockchain is an encrypted digital ledger of those funds.

Data indicates that about 28 million people around the world have a blockchain wallet. On the business end, more than $110 million in bitcoin payments are made every month. These numbers are growing, and HR professionals should have at least a basic understanding of blockchain technology.

Savvy business owners and HR techs should keep payment methods flexible and able to incorporate bitcoin and blockchain as needed. There are now more than 1000 types of digital currency that can end up in a blockchain, worth a grand total of more than $22 billion. That’s a number that’s hard to ignore.

While your company may be years away from adopting blockchain technology, it may be prudent to put together employee training sessions that revolve around digital currency, including bitcoin.

Final Thoughts

Our modern digital age has brought numerous, exciting changes to the realm of HR. Corporate data privacy issues and security training are increasingly part of an HR rep’s job description, alongside recruitment and payroll. Those duties are becoming easier, thanks to the automation, innovation, and augmentation found in new tech such as AI and blockchain.

BYOD Doesn’t Have to Be the Biggest Headache for Companies


Written by Manish Bhardwaj, Sr. Marketing Manager, Middle East and Turkey at Aruba, a Hewlett Packard Enterprise company.

BYOD Doesn’t Have To Be the Biggest Headache for Companies in the Middle East

8 Best Practices to Protect Your Enterprise Network


Smartphones and other personal devices can now be found in most businesses as users are staying connected to the corporate network from anywhere, any time. It’s the stuff that keeps IT and security managers up at night — mobile users, multiple devices per user, and enterprise data on the move.

Security for Bring Your Own Device (BYOD) and mobile must now be part of a larger conversation when securing the network for the new digital workplace. Based on existing customers’ best practices, this paper outlines eight things you can do to boost network security amidst BYOD.

Assign Roles to Users and Devices

With users carrying multiple devices, it’s smart to standardize on user roles across the organization, and then assign device roles, too. A smartphone issued by IT for a specific purpose may require more access privileges than a personal device. IT-issued laptops would have different roles than smartphones and tablets. The value is your ability to create different rules for each device type or role.

User and device roles also let you differentiate privileges by device type for the same user. An IT administrator would be allowed to change switch and controller configurations with a laptop assigned a corporate role. But, that same person would not be able to access sensitive networking equipment using a tablet assigned a BYOD role.

Use Profiling to Create Device Categories

Accurately profiled devices should be a cornerstone of your plan when rolling out a secure BYOD initiative. As BYOD permeates throughout your environment, not all users will be diligent about downloading the latest versions of the operating system. You’ll want to capture context that allows you to see who is running what versions on iOS, Android, Chrome and other operating systems.

As new releases become available, this data will give you the visibility to help identify why authentications may be failing, the types of devices that are experiencing issues, and more.

An understanding of location can also help determine if a problem is specific to Wi-Fi equipment if the enterprise is operating a multivendor environment.

Use Context Within Policies

It’s important to leverage multiple sources of context to manage access. Data can consist of user role, device profiling, and location; once a certificate is issued to a specific user’s device, the assumption is that it’s a BYOD device. Doing this greatly enhances productivity, usability and security. By enabling the use of known data you can stop users from coming up with ways to bypass policies.

The use of device categories should also be explored. The idea is to again leverage context to enforce privileges across a large category of devices. All BYOD endpoints connecting over a VPN can be treated differently than when connecting in the office. Printers can be managed differently than game consoles or Apple TVs.

Manage Mobile App Use

Enterprises need to define and enforce policies that dictate who can access specific types of data from which devices, with the ability to differentiate between smartphones, tablets, laptops or IoT devices. To be effective, enforcement must extend across MDM/EMM, a policy management platform, and firewalls.

Automate and Simplify

Automation is essential for both initial onboarding and to take action on non-compliant devices (for example, quarantining them until they are compliant). MDM/EMM solutions should share device posture with a NAC solution to ensure that devices meet compliance before being given access. Integrating with helpdesk applications and SIEM can provide an enhanced experience for the user and IT for improved problem resolution.

By automating the discovery and onboarding of non-compliant devices, you can reduce costs and improve your security posture. This also allows users to re-onboard their own devices when smartphones and tablets are replaced, which also reduces the time IT has to spend on device onboarding.

Go with Certificates – They’re More Secure Than Passwords

Users will connect to guest networks more frequently, leaving passwords exposed to theft, which makes certificates a cornerstone of a secure mobile device deployment. As the use of Active Directory and an internal PKI for BYOD is not a best practice, an independent Certificate Authority (CA) built to support personal devices is preferred.

A policy management solution that includes the ability to distribute and update, as well as revoke certificates should be explored. Integration with an MDM/EMM solution should be an option in the event that device management was deployed prior to investing in a network access policy management solution.

Make Everyone Happy – Simplify SSIDs

Multiple SSIDs complicate life for IT and users alike. With effective policy management enforcement in place, BYOD and corporate-owned devices can connect to common SSIDs. Reducing the options for users to choose from simplifies the user experience, and makes it easier for IT to maintain SSIDs across multiple locations. Consolidation of SSIDs can also improve Wi-Fi performance.

The key to improving your security posture revolves around your ability to leverage roles, location and policy enforcement to ensure that devices receive the access that IT expects, even when using common SSIDs. When personal devices are connected to a common 802.1X network, IT can provide Internet access only if desired.

Consider Next-Generation Multi-Factor Authentication (MFA)

These days, enterprise data access is often initiated from smartphones and tablets. As these devices are easily shared, many IT professionals are turning to new forms of MFA to ensure that the user of a device is really the person requesting access. Instead of token generation devices that are easily lost, there’s a better way.

Now when a user connects to a network or opens an application, IT can require a secondary challenge that is as simple as picking up your smartphone and scanning your fingerprint, taking a selfie, or clicking on a pre-determined image from within the images library.

Conclusion

The continued rise of BYOD is inevitable, and few corporate leaders will pass up the productivity gains of a mobile workforce that pays for their own devices. But it is easy to lose track of long-term goals if you don’t have a solid plan. The eight ideas presented in this paper are just some of the things that IT should consider when preparing for BYOD.

In the end, a central component that brings everything together starts with an advanced policy management platform. One that includes AAA services, NAC, BYOD onboarding and third-party integration with event-driven remediation.


If you want to share this article the reference to Manish Bhardwaj and The HR Tech Weekly® is obligatory.


Is HR Responsible for Web Security?


It is safe to say that cybersecurity should be among a business’s top priorities. While malware like WannaCry spreads around the globe, ruining company after company, small and large businesses alike should be focused on strengthening their digital defenses and building a workplace culture focused on security. Undoubtedly, most HR professionals will wholeheartedly agree with this sentiment – but many won’t lift a finger to address gaps in their employers’ cybersecurity.

There are often concerns over who should build and maintain cybersecurity within a business. On one hand, security software is installed on tech devices, which belong in IT’s wheelhouse. Then again, a security breach affects customer relations, so perhaps the customer service department should ensure every device is protected. However, the truth is that HR should take the bulk of the responsibility for keeping a business safe. Here’s why.

HR Protects the Business and Its People

Through incentivization efforts, behavior-monitoring, policy-setting, management of resources, and more, HR departments work to reinforce the integrity of the business’s foundation: its people. Furthermore, HR provides support for the business, its employees, and ultimately its customers, assisting in the achievement of personal and organizational goals that benefit everyone. Because security should be a primary goal for modern businesses, web security measures should be a top concern for HR departments, too.

When a cyberattack is successful, it isn’t just the faceless company that suffers. Often, employee private information, perhaps including payment data, is leaked as well as business-related financial information. Conversely, a business’s tech assets are hardly imperiled by hackers, who are rarely interested in destroying software or able to impact hardware, so the IT department has little to fear from cyberattack. Because HR serves the business and its employees, who are most threatened by cyber-dangers, HR should work to ensure such data is well-protected by comprehensive web security software.


HR Influences Corporate Culture

Yet, effective security software is just one piece of the cyber-protection puzzle. Security experts assert that more often than not, a business’s employees are responsible for data breaches and successful cyberattacks. After all, it is the employees who visit questionable websites, who open shady emails, who click suspicious links, and who fail to install timely updates. Because HR is responsible for employee behavior, HR professionals should actively work against these unhealthy and insecure practices by influencing the culture of the workplace.

HR already has a massive impact on corporate culture. Recruiting efforts can target certain personalities, which form the foundation of a workplace culture. Additionally, HR designs policies and guidelines which shape how employees behave. HR departments should use this sway to establish a culture focused on security. Hiring security-minded workers, hosting regular security trainings, and instilling the idea that security is everyone’s job are ways to ensure employees are aware and alert to security.

HR Understands Compliance Rules

There are all sorts of laws and regulations outlining how businesses should behave, and HR should be familiar with all of them to keep the business safe from fines, litigation, and worse. Often, these rules concern payment minimums and structures, mandatory vacation time, and termination means and methods – but increasingly, the government is turning its attention to online behavior. Already, seven major industries have compliance obligations for digital data. Because HR professionals are already well-versed in adhering to compliance rules, it is hardly a stretch for them to understand burgeoning security regulations. Instead of trying to manage compliance and action in different departments, businesses can streamline the process by giving HR total control over web security efforts.

HR Relies on Technology

These days, every aspect of a business relies on technology – including the HR department. HR professionals use all sorts of digital tools to manage their workforces, from payroll platforms to internal messaging services to online recruitment processes. Should a business’s network be compromised by cyberattack, HR will be as unable to complete their tasks as any other department. If for no other reason than this, HR should be concerned about internet security.

Security failures are bad for business, but they are particularly bad for HR. Because HR departments’ goals align with those of security efforts – and because HR professionals are already well-equipped to handle the intricacies of cybersecurity – HR should be responsible for a business’s web security.

About the Author:

Tiffany Rowe

Tiffany Rowe is a leader in marketing authority who assists Seek Visibility and our clients in contributing resourceful content throughout the web. Tiffany prides herself on her ability to create and provide high quality content that audiences find valuable. She also enjoys connecting with other bloggers and collaborating for exclusive content in various niches. With many years of experience, Tiffany has found herself more passionate than ever to continue developing content and relationships across multiple platforms and audiences.


If you want to share this article the reference to Tiffany Rowe and The HR Tech Weekly® is obligatory.

4 BYOD Risks HR Managers Should Know About


In today’s employment atmosphere, a growing number of companies are shifting toward a more flexible workplace. By implementing bring your own device (BYOD) policies employees are now increasingly using their own devices for business purposes.

Even though such policies can bring numerous benefits to companies, they come with some inherent risks. The following four issues are worth examining before deciding on a BYOD policy.

Irregular Updates

Every mobile device is vulnerable to hacks from outside sources. Your smartphone, tablet and laptop all have similar software that can be hacked if firewalls and other security features aren’t in place or aren’t updated regularly.

Busy employees often put off their security updates. Unfortunately, their phones are then automatically open to potential attacks. In a regular IT environment, it’s up to the business’s IT department to secure every device used for company purposes. Since the devices are the employees’ private property, they are responsible for keeping them updated with the latest versions of security software.

Viruses and Malware

Viruses and malware have numerous pathways that they can take to infect an employee’s device. The worst thing is that an employee’s device could be hacked without them even being aware of the situation.

For example, your employees can receive phishing email with a malicious link that could install viruses or malware when clicked on. The infection could then spread onto the company’s server and compromise corporate information in a matter of seconds.

The phishing email could also look as if it’s from a familiar contact or even a legitimate website. It could ask your employees to click on a link in order to log in to their account. The employees would then enter their user names and passwords on fake websites, giving hackers access to their sensitive information. Identity theft is always a possibility in these hacking situations.

Unsecured Connections

Your employees might use their devices to connect to public Wi-Fi to access necessary data on your company’s server or to go online for personal needs. Unfortunately, using public networks is dangerous since they allow multiple people to connect to the same network, and that includes hackers.

Hackers could intercept the data your employees download or upload, they could install malware on your staff’s devices and even gain access to their email. This is another way malware could spread from the infected devices onto the company’s server and compromise the safety of corporate data.

Your employees need to be aware of these threats and take the appropriate preventive measures. Instruct your employees to turn off Wi-Fi when they don’t need it and disable it from automatically connecting to open networks.

You can also set up a virtual private network (VPN) which will allow your employees to connect to a hotspot without worrying about data breaches. Connecting to a VPN encrypts and secures any data being sent or received. This disables hackers from intercepting sensitive information and compromising the security of your employees’ devices.

Missing Devices

The best opportunity for stealing corporate data is when a device gets into the wrong hands. Lost or stolen devices are always a big security issue, which can lead to leaked proprietary data and vulnerable business positions.

IT professionals need a plan in case this happens. A remote wipe policy is a very good solution which allows the IT team to completely remove all data on a device after it’s been reported missing.

Since BYOD devices include an employee’s personal data, you need to make sure that the employee agrees to a remote wipe of every piece of data even before they are hired.

Employees should see this step as both a protective corporate and identity-theft policy. To avoid any further information hacks, employees can also make it more difficult to access the data in the first place. A fingerprint or PIN passcode frustrates thieves, and they might toss the device before trying to access the information.

Final Thoughts

These security issues aren’t a reason to forgo a BYOD policy. However, appropriate security measures are necessary in order for it to be successful. Begin your BYOD strategy by educating your employees about the importance of regular updates and how to recognize security threats.

They need to understand that every piece of data is priceless to the business and their personal life. In reality, many people don’t realize how valuable their data is to hackers outside of the corporate atmosphere.

Employees also need to agree to corporate statements, liabilities and compliance measures in order to make this BYOD program a success. At the very least, add professional indemnity insurance coverage to the company so that any data leaks are quickly resolved.

Finally, by protecting the data with software and passwords, businesses can keep their proprietary information private. In the end, the employee’s device can be as safe as any company-issued electronic.

About the Author:

Josh McAllister

Josh McAllister is a freelance technology journalist with years of experience in the IT sector, and independent business consultant. He is passionate about helping small business owners understand how technology can save them time and money. 

Josh is a contributor to a number of digital outlets and is well published, including DZone, IoT World News, and Rabid Office Monkey.


If you want to share this article the reference to Josh McAllister and The HR Tech Weekly® is obligatory.


How to Protect HR from Ransomware


Companies have HR departments that are responsible for storing confidential information such as an individual’s social security number, payroll information, health information as well as employment history.

Because of the enormous amount of sensitive data collected on individuals, HR departments opt to store data in a digital format, thus making it susceptible to cyber-threats. Furthermore, since HR departments receive more email than any other department in a company, they are even more vulnerable to such threats. One of the most challenging forms of cyber-attack that HR departments face today is ransomware.

Ransomware is a type of malware that encrypts data and restricts access to a computer system. Often malware is sent through an email in the disguise of a resume or cover letter. When the email is opened, then the malware infects the computer and the entire network. The next time a user tries to gain access to the computer system, he or she is required to pay a monetary ransom in the form of Bitcoin to remove the restriction. WannaCry is one commonly known name for the recent ransomware attack that affected many companies.

Ransomware not only steals an individual’s personal information, but it damages a company’s reputation and financial status as well. The good news is that there are steps that HR departments can take to prevent ransomware attacks.

Basic Security Measures

It is imperative that HR departments work closely with the IT department to implement strong web filters and spam controls as a basic security measure. Next, the IT department should have endpoint analytical tools to immediately detect, quarantine and shut down ransomware invasions.

Finally, always have a working data backup plan that is not connected to the company’s network so data cannot be infected.

Latest Operating System and Software

The IT department should make sure that the company’s operating system and software are up to date. It is extremely important that security updates are installed on all machines as they are released to protect all computers on the network.

If the company uses Microsoft Office software, it is recommended that macros are turned off. In addition, remove plugins if using Adobe Flash, Adobe Reader, Java or Silverlight since these plugins can run a risk of having embedded malware attached to them upon installation.

Employee Training

It is essential for companies to train employees on their information security policies. Employees must understand that technology alone is not enough to protect sensitive data and that there are cybersecurity threats that can bombard them.

Employees need regular training sessions on how to use technology, as well as an understanding that technology is not always foolproof. There should be employee training in the do’s and don’ts of data protection. Since HR employees receive numerous emails daily, they need to know what types of files are safe to open.

Finally, employees need to know how to respond, and to whom they should report a cyber threat if the unthinkable happens.
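The spam controls and file-type awareness described above can be backed by an automated check on inbound resume mail. The following is an added example, not code from the original article: the extension lists, finding names, function names and the sample message are all assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; tune them to your own mail gateway.
BLOCKED_EXT = {"exe", "scr", "js", "vbs", "hta", "lnk", "iso"}
MACRO_EXT = {"docm", "dotm", "xlsm", "pptm"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def has_vba_project(data):
    """True if data is a zip-based Office file that carries a VBA macro project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())


def triage_attachment(filename, data):
    """Return the list of reasons an attachment should be held for review."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXT:
        findings.append("blocked-extension")
        if len(parts) > 2:  # e.g. cv.pdf.exe posing as a document
            findings.append("double-extension")
    if ext in MACRO_EXT:
        findings.append("macro-enabled-extension")
    if has_vba_project(data):  # macros hidden behind a harmless-looking name
        findings.append("contains-vba-macros")
    if data.startswith(OLE_MAGIC):  # macros cannot be ruled out without parsing
        findings.append("legacy-ole-format")
    if ext == "pdf" and not data.startswith(b"%PDF-"):
        findings.append("content-mismatch")
    return findings


def triage_message(raw):
    """Map each attachment name in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        report[name] = triage_attachment(name, part.get_payload(decode=True) or b"")
    return report


def build_sample_message():
    """Constructed sample: a clean PDF, a .docx hiding a VBA part, a fake .pdf.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder, not a real macro
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.com"
    msg["Subject"] = "Job application"
    msg.set_content("Please find my resume attached.")
    for name, data in [
        ("resume.pdf", b"%PDF-1.4\n% constructed sample\n"),
        ("cover_letter.docx", buf.getvalue()),
        ("cv.pdf.exe", b"MZ constructed sample"),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(f"{name}: {', '.join(findings) or 'deliver'}")
```

An empty findings list means only that none of these checks fired; anything held should go to the IT department for review rather than being opened on an HR workstation.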

Network Segmentation and Separate Work Stations

The IT department needs to ensure that the company’s most sensitive data is not stored all on one network. This is done through network and database segmentation. A restriction should be in place where only certain authorized individuals can access sensitive information. For example, make one person the administrator for the system.

The administrator should log into the system only when absolutely necessary and use a regular account for everyday use. Furthermore, the IT department should assign dedicated workstations to employees responsible for reviewing resumes and monitor workstation usage.

Outside Testing

To ensure the validity of the company’s security, it is a good idea to hire an outside firm to test the vulnerability of its IT security. By hiring an outside firm, the company can understand where hackers can possibly penetrate the system, and take necessary steps to make data more secure.

To conclude, HR departments have access to massive amounts of sensitive data and the employees are typically not very well educated in knowing how to protect themselves from data breaches. Therefore, they are an easy and lucrative target for hackers.

It is easy to see why HR departments are prone to such cyber-attacks. However, when the HR staff works more closely with the IT department, preventive steps can be taken to reduce ransomware attacks. Precautionary steps such as implementing basic security measures, installing the latest operating system and software, setting up network segmentations and dedicated workstations, training employees and having outside testing to check for security breaches can save a company’s reputation and financial status.

About the Author:

Josh McAllister

Josh McAllister is a freelance technology journalist with years of experience in the IT sector and an independent business consultant. He is passionate about helping small business owners understand how technology can save them time and money.

Josh is a contributor to a number of digital outlets and is well published, including DZone, IoT World News, and Rabid Office Monkey.


If you want to share this article the reference to Josh McAllister and The HR Tech Weekly® is obligatory.

5 HR Tech Trends Shaping Your Business

Technology continues to drive and disrupt today’s talent management strategies. As we move closer to the halfway point of 2017, we take a look at 5 key HR tech trends shaping your business.

Cybersecurity skills challenges

The widely publicised global data breach that affected the NHS last month highlights the very real risks to all businesses. After the talent shortage, PwC notes that cybersecurity is the second highest ranked concern for CEOs, with three quarters (76%) citing it as a significant challenge in its annual CEO Survey. A UK government report also found that half of all businesses have experienced at least one data breach or cybersecurity attack in the past year, rising to two thirds of medium and large businesses. Your ability to secure your data is an increasing issue and the pressure is on HR to source talent with vital cybersecurity skills. A report from Experis found that demand for cybersecurity professionals is at an all-time high, echoing an earlier survey from Robert Half, Technology and Recruitment: The Landscape For 2017, which found that sourcing tech talent with cybersecurity skills was a priority for over half of all hiring managers this year.

The ongoing debate over AI

Predictions of a jobless world have thrown the debate over AI sharply into focus but AI and automation offer a number of benefits for hiring teams. Writing in the Harvard Business Review, Satya Ramaswamy describes ‘machine to machine’ transactions as the ‘low hanging fruit’ of AI rather than ‘people displacement’.

Elsewhere, Gartner predicts that by 2022 smart machines and robots could replace highly trained professionals in sectors including tech, medicine, law and financial services, transforming them into ‘high margin’ industries resembling utilities. But it stresses the benefit that AI brings in replacing repetitive, mundane tasks and offering more meaningful work. The key is to create the right blend of AI and human skills, which HR is ideally positioned for. Gartner suggests that a further benefit of AI is the alleviation of skills shortages in talent starved sectors.

A beneficial and immediate use of AI for HR is the automation of mundane and repetitive tasks in the recruitment cycle through HR technology, allowing hiring teams to focus on creating the effective candidate and employee experience that their business urgently needs.

Chatbots in hiring

Today chatbots are emerging as an essential tech tool for high volume recruitment, engaging with candidates via messaging apps with the aim of creating a more interactive and engaging hiring process. The AA was one of the first brands to feature this smart technology and this year it is predicted that chatbot Stanley will interview 2.5 million candidates. As the skills shortage continues, the chatbot offers a more direct and effective way of engaging with sought after millennials or graduate talent. Chatbots are also predicted to make HR’s life easier through simple interactions via mobile devices for both candidates and employees.

Dark data

While still in the exploration stage, dark data can offer vital insights into talent sourcing. Up to 80% of the data created is ‘unstructured’ or ‘dark’ data found in, for example, e-mails, text messages, spreadsheets and PDFs. At present it is not usable in analytics but AI can be leveraged to organise it into a more usable form. Last month it emerged that Apple has acquired a machine learning based company to strengthen its own capabilities in the area of dark data. Deloitte’s Global Talent Trends report for 2017 reports that only 9% of businesses have a good understanding of the talent dimensions that drive performance. Dark data may help to illuminate those dimensions.

Moving to predictive analytics

It’s not a new or emerging HR tech trend but the transition to predictive analytics is one that HR must eventually (reluctantly?) make as the skills gap in the UK widens and the availability of qualified and digitally able candidates continues to fall. Applying people analytics improves hiring outcomes, reduces the level of early departures from your business and enables HR to begin to predict and plan for future hiring needs. The first step towards predictive analytics is for tech-averse hiring teams to relinquish manual recruitment systems in favour of HR technology and begin to understand the key metrics affecting your hiring process.

Advorto’s recruitment software provides workflow and structure across the entire hiring process, offering a dynamic database of candidates and analytics. Used by some of the world’s leading organisations, it provides a straightforward first step into AI, HR analytics and big data. Start your 30 day free trial today.


If you want to share this article the reference to Kate Smedley and The HR Tech Weekly® is obligatory.

Cloud Is Growing, But Will It Be Your Organisation’s Downfall?

Written by Hesham El Komy, Senior Director, International Channels at Epicor Software | Specially for The HR Tech Weekly®.

The reality today is that most enterprise applications are well on their way to being cloud based. We’ve seen it with simple workloads such as HR and payroll, travel and expense management, and in the last decade we’ve seen the cloud as the new normal for customer relationship management (CRM) deployments. In fact, a July 2016 Gartner report[1] predicts that the public cloud services market in the Middle East and North Africa (MENA) region will grow by 18.3% in 2016 to US$879.3 million. More specifically, the cloud application services (SaaS) market is forecasted to grow by a staggering 207% from US$166.1 million in 2015 to US$509.8 million in 2020.

So what are the benefits of cloud based ERP solutions? Below are eight reasons why moving your ERP system to the cloud will benefit your business and support business growth.

  1. Freedom of Choice

Put quite simply, not all cloud ERP systems are created equal. Specifically, very few ERP vendors respect your right to choose the deployment model that is most appropriate for you, and revise that decision down the road as your business grows or technical needs change. Your right to transition between on-premises, multi-tenant, and single tenant is an important one. It recognises that the “best” deployment model for you today might not be the best model in a few years, or even a few months. By providing the choice of Multi-Tenant (with its compelling economics and seamless upgrades) or Single Tenant (allowing more administrative control and administrative ownership), you can choose the model that works best for you.

  2. Compelling Cloud Economics

Despite the cloud having proven its value beyond just good financial sense, there is no doubt that for companies of all sizes the economics of cloud deployment are undeniably compelling, moving from capital to operational expenditure. Some of the more hidden economic benefits of the cloud include:

  • Not being as capital intensive as an on-premises deployment because of the subscription-based pricing model.
  • Better and more instant scalability, allowing clients to add (and sometimes remove) users to their system on demand and saving them from having to invest in hardware and software at the “high water mark”.
  • The direct and indirect costs of your infrastructure, from server to database systems to the actual hardware and replacement cycle cost.
  • The hidden costs of maintaining the servers yourself.
  • The benefit of the reduced deployment times (and corresponding improved ROI) that are typical for cloud deployments, as the necessary infrastructure is in place already.

  3. Better IT Resource Utilisation

At the end of the day, most IT departments are stretched pretty thin, and find themselves spending too much time on low-value (but admittedly critical) activities such as verifying backups, applying security updates, and upgrading the infrastructure upon which your critical systems run. There is tremendous business benefit to assigning those tasks back to your ERP vendor as part of a cloud deployment, freeing up your IT department’s time to work on more strategic business projects such as creating executive dashboards, deploying mobile devices, and crafting helpful management reports.

  4. The Cloud is More Secure

Today, it’s hard to imagine a client who could possibly create a more secure operating environment than leading cloud providers. Indeed, Gartner reports[2] that “Multi-tenant services are not only highly resistant to attack, but are also a more secure starting point than most traditional in-house implementations.”

Security today is a comprehensive, end-to-end mindset that has to be built across every layer of the ERP environment, from the physical network interface cards to the user passwords. It means a holistic approach to anticipating and minimising possible natural, human, and technical disruptions to your system to ensure uptime and peace of mind.

  5. Upgrades

Cloud deployment redefines the experience by designing upgrades—big and small—to be deployed by the ERP cloud operations staff as part of standard support services, without imposing software installations on your staff. Minor updates are transparently deployed in a non-disruptive fashion, and major upgrades are announced well in advance, and include a sandbox training environment and end-user training.

These major upgrades are designed to require little to no project management on your part, short of double checking that everything is working the way you expect it to and ensuring that your internal users are prepared to take advantage of the new version.

  6. Mobile and Collaborative

Moving to a cloud-based system gives everyone the real-time system access they require as a routine part of their jobs while driving out the inefficiency of paper-based processes and the burden and security risk of figuring out how to deliver this yourself.

Opening up your ERP system by virtue of cloud deployment allows you to retire the poorly defined ad-hoc “integration by Excel file” workflows that might have cropped up across your organisation. In their place, you can deploy real-time integration processes that link your employees, suppliers, partners, and customers.

Cloud deployment brings the opportunity to redefine many of your legacy business processes and workflows in a way that leverages these more open, connected, instantaneous integration paths.

  7. Business Consistency and Process Alignment Globally

Increasingly, companies have staff working across multiple locations and they aspire to provide the efficiency of a single unified ERP system across the enterprise to support them. Deploying a single cloud ERP globally (where the only infrastructure requirement is Internet access) removes many operational obstacles, and gives you the confidence that your continued expansion efforts can be accommodated without a significant IT effort by simply enabling that new location in your existing cloud-based ERP system. With consistency comes improved transparency and increased efficiency.

  8. Reduced Risk, Greater Visibility, Better Value

Many clients choose a cloud-based system (ERP and other workflows) because it allows them to deploy a much more complete solution than they could otherwise manage or financially justify under legacy deployment models. Not having to make a massive upfront investment in the ERP system and its supporting infrastructure is critical in allowing smaller companies to perform beyond same-sized competitors from an enterprise application quality and completeness perspective.

ERP solutions aren’t just software. They are tools that can be used to help grow your business profitably, offering flexible solutions that provide more accurate information in real-time, driving smarter, faster decision-making, and enabling customers to quickly meet changing market demands to stay ahead of their competition. The cloud increases the business benefits that ERP offers and can accompany your business on the road to successful growth.

Sources:

[1] Gartner, Inc., “Gartner Says Public Cloud Services in the Middle East and North Africa Region Forecast to Reach $880 Million in 2016,” July 04, 2016

[2] New Report: Gartner MQ for Cloud-Enabled Managed Hosting, North America

If you want to share this article the reference to Hesham El Komy and The HR Tech Weekly® is obligatory.

Global Study Reveals Businesses and Countries Vulnerable Due to Shortage of Cybersecurity Talent

Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054-1549

82 Percent of IT Professionals Confirm Shortfall in Cybersecurity Workforce 

News Highlights:

  • New report by Intel Security and CSIS reveals current cybersecurity talent crisis
  • Cybersecurity skills shortage is worse than talent deficits in other IT professions.
  • Shortage in cybersecurity skills is responsible for significant damages.
  • Talent shortage is largest for individuals with highly technical skills.
  • Hands-on training and practical training are perceived as better ways to develop skills than through traditional education resources.

Dubai, United Arab Emirates – August 01, 2016 – Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), recently released Hacking the Skills Shortage, a global report outlining the talent shortage crisis impacting the cybersecurity industry across both companies and nations. A majority of respondents (82 percent) admit to a shortage of cybersecurity skills, with 71 percent of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.

“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

Despite 1 in 4 respondents confirming their organizations have lost proprietary data as a result of their cybersecurity skills gap, there are no signs of this workforce shortage abating in the near-term. Respondents surveyed estimate an average of 15 percent of cybersecurity positions in their company will go unfilled by 2020. With the increase in cloud, mobile computing and the Internet of Things, as well as advanced targeted cyberattacks and cyberterrorism across the globe, the need for a stronger cybersecurity workforce is critical.

“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cybersecurity talent shortage,” said Raj Samani, VP & CTO, EMEA, Intel Security. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the frontline. Finally, we absolutely must diversify our ranks.”

The demand for cybersecurity professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. In fact, skills such as intrusion detection, secure software development and attack mitigation were found to be far more valued than softer skills including collaboration, leadership and effective communication.

This report studies four dimensions that comprise the cybersecurity talent shortage, which include:

  1. Cybersecurity Spending: The size and growth of cybersecurity budgets reveals how countries and companies prioritize cybersecurity. Unsurprisingly, countries and industry sectors that spend more on cybersecurity are better placed to deal with the workforce shortage, which according to 71 percent of respondents, has resulted in direct and measurable damage to their organization’s security networks.
  2. Education and Training: Only 23 percent of respondents say education programs are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cybersecurity skills. More than half of respondents believe that the cybersecurity skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities.
  3. Employer Dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.

Recommendations for Moving Forward:

  • Redefine minimum credentials for entry-level cybersecurity jobs: accept non-traditional sources of education
  • Diversify the cybersecurity field
  • Provide more opportunities for external training
  • Identify technology that can provide intelligent security automation
  • Collect attack data and develop better metrics to quickly identify threats

For more information on these findings, along with Intel Security’s proposed recommendations, read the full report: Hacking the Skills Shortage: A study of the international shortage in cybersecurity skills.

About Intel Security:

Intel Security, with its McAfee product line, is dedicated to making the digital world safer and more secure for everyone. Intel Security is a division of Intel Corporation. Learn more at www.intelsecurity.com.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

*Other names and brands may be claimed as the property of others.

Contacts:

Vernon Saldanha

Procre8 (on behalf of Intel Security)

vernon@procre8.biz