Human Resource Executive December 22, 2020 – 4 tips for HR to reduce the risk of cyber attacks
Recent cyber hacks on government and private employers should prompt HR leaders to ensure their data security defenses are up to snuff.
Earlier this month, news broke of a massive, months-long cyber attack, likely carried out by Russia, that targeted the U.S. federal government and many private businesses, including Microsoft and dozens of its clients. On its face, the news may not seem directly connected to HR, but the dangerous hacks serve as a good motivator for employers to revisit HR data security matters, experts say.
Recruiting, for example, presents one very specific vulnerability, according to Steve Tcherchian, chief information security officer at XYPRO, a cybersecurity analytics provider.
“An organization’s recruiting functions are typically the entry point for outsiders—both legitimate job seekers and those looking to cause harm,” he says. “HR is on point to collect resumes and fill open positions.”

This usually means, and especially now with no shortage of job seekers, that employers are fielding an influx of resumes and cover letters in a variety of formats, Tcherchian says. Attackers know this and can use the volume of job applications to their advantage.
It’s easy, he says, for an HR recruiter to overlook clues and open an attachment or click on a link (often disguised as a LinkedIn profile) that could infect a workstation without the recruiter suspecting anything or, worse yet, introduce ransomware or some other potentially damaging payload into the corporate network.
With that in mind, Tcherchian says, HR departments should:
- Be hypervigilant about recruiting: Don’t simply open any and every attachment received from job applicants. Engage your IT and security departments for an additional layer of defense.
- Revisit policies and procedures: In particular, make sure your “Cybersecurity Incident Response Plan” is up to date and has been rehearsed. Everyone should know their roles.
- Have security teams review and advise on best practices for tool and application usage.
- Review and revoke access for employees on a periodic basis: Implement the policy of least privilege. Allow users only enough permission to do their jobs. For hackers, getting through the front door is easy. Don’t make their job even easier by allowing them to roam freely within the enterprise.
“With the recent attack on government agencies, HR departments should heighten their vigilance regarding their processes, especially around candidate recruitment,” Tcherchian says.
To read the full article visit Human Resource Executive.

Steve Tcherchian, CISSP, PCI-ISA, PCIP is CEO of XYPRO Technology, a leading provider of mission-critical cybersecurity solutions that protect the digital backbone of industries worldwide. With over 20 years of experience, Steve brings a unique blend of technical expertise, strategic vision, and a customer-first approach that has transformed XYPRO into a top-tier cybersecurity provider, driving record growth and accelerated adoption of its threat detection and compliance solutions across diverse sectors.
A passionate advocate for cybersecurity, Steve is dedicated to demystifying the complexities of the industry and sharing actionable insights on global stages as a sought-after speaker. His contributions extend beyond the podium: as a former member of the ISSA CISO Advisory Council, the X9 Security Standards Committee, the Forbes Tech Council, and as a patent holder, Steve has shaped pivotal cybersecurity standards and innovations that safeguard the world’s most critical workloads.
