HR’s Role in Preventing Cyberattacks
By Training Employees HR Can Lead The Cybersecurity Fight
Cyberattacks are a growing concern for employers across the globe but especially for those in the United States. According to the Identity Theft Resource Center, the number of reported U.S. data breaches rose 68% between 2020 and 2021, increasing to a record-setting 1,862 incidents. Of these breaches, 83% involved sensitive information, such as Social Security numbers.
These breaches targeted various organizations and industries, including those in manufacturing, utility services and finance. Essentially, any business that retains potentially valuable information could be a target; cybercriminals are frequently looking for the personal information of everyday citizens to sell or use to gain access to other systems. Oftentimes, cybercriminals breach organizations via their own employees; all it takes is one employee clicking into a phishing email (i.e., a fraudulent message intended to trick recipients into compromising important data)
This is where HR comes in. HR teams are often tasked with communicating policy updates and workplace expectations. When it comes to cybersecurity, HR is naturally suited to partner with IT and provide basic educational resources. This article offers tips to help HR teams protect employees and their organizations from cyberattacks.
Understand the HR Risks & Create a Backup Plan
While it’s true that cybercriminals frequently target individuals’ personal information, that’s not their only goal. Sometimes, malicious actors will then take that personal information and use it to gain access to other secure points—potentially affecting other systems beyond the breached organization itself. For instance, a cybercriminal may steal an employee’s login and password, then use those details to access customer databases or even critical infrastructure.
A recent example of this came in 2021 when cybercriminals took down Kronos, the ubiquitous timekeeping software. With the cloud-based system down globally, employees couldn’t clock in or out—time punches were simply inaccessible. Obviously, this proved very disruptive for payroll and time tracking. Yet, the larger takeaway is that even if an employer does everything right, they can still be impacted if a vendor experiences a cybersecurity breach.
That’s why it’s important for HR teams to think about the vendors and systems they rely upon. These may include timekeeping software, case management software or learning management systems. Consider what would happen if any one of those tools stopped working or became inaccessible. How would that impact operations?
Considering these potential scenarios can help HR teams better strategize their responses. For instance, if timekeeping software were to break down, perhaps employees would be required to use an HR-provided paper form to track their time. Additionally, with the vulnerability of cloud-based systems, HR teams can think about regularly backing up and archiving critical information, including customer details, time-tracking data or transaction receipts. Essentially, if a vendor system breaks down, HR still needs to ensure day-to-day operations can run smoothly.
Develop Cyber Training and Contingency Plans
- Preparation is key for protecting an organization from cyberattacks. This primarily entails ensuring monitoring and security measures are in place to prevent breaches and detect when they occur. While this preparation is a responsibility for IT, HR teams can partner with them to help contribute to cybersecurity in their own way: employee training and contingency planning.
- Every employee in an organization should be trained on proper cybersecurity protocols and best practices. This includes knowing how to spot a phishing scam, maintaining strong passwords, using unique passwords for different logins and reporting suspicious database activity. While HR teams likely aren’t comprised of IT experts, they can still help disseminate these and other cybersecurity best practices to employees. Even basic precautions can make a huge difference in protecting against breaches of critical data.
- Based on the type of data breach, how quickly must the incident be reported to applicable parties?
- Depending on an employer’s state and industry, the answers to these questions will vary. That’s why it’s essential to address these issues in a cyberattack contingency plan before a breach occurs. Employers should speak with legal counsel for help understanding their coverage risks.
Provide an HR Tool To Facilitate Cybersecurity Training
Use a training tool like HRCompli E-Learn. HRCompli E-Learn is an online Learning Management System (LMS) from MyHRConcierge that facilitates Human Resources, cybersecurity and safety training for employees and managers through professionally-produced videos with interactive quizzes for a quality learning experience.
It’s a good idea to Improve your employees’ understanding of company policies and proper conduct at work with HRCompli E-Learn.
Human Resources and Safety training programs have become ubiquitous in all industries to assure business owners that they are compliant with state and federal laws and prevent legal risks. Many states are beginning to require mandatory workforce management training with specific requirements to satisfy state laws.
For questions about what your state may require contact us today.
Don’t forget about Sexual Harassment Training. Read here to learn more about preventing sexual harassment in the workplace.