Human Resource Executive December 22, 2020 – 4 tips for HR to reduce the risk of cyber attacks

Recent cyber hacks on government and private employers should prompt HR leaders to ensure their data security defenses are up to snuff.

Earlier this month, news broke of a massive, months-long cyber attack, likely carried out by Russia, that targeted the U.S. federal government and many private businesses, including Microsoft and dozens of its clients. On its face, the news may not seem directly connected to HR, but the dangerous hacks serve as a good motivator for employers to revisit HR data security matters, experts say.

Recruiting, for example, presents one very specific vulnerability, according to Steve Tcherchian, chief information security officer at XYPRO, a cybersecurity analytics provider.

“An organization’s recruiting functions are typically the entry point for outsiders—both legitimate job seekers and those looking to cause harm,” he says. “HR is on point to collect resumes and fill open positions.”

This usually means, and especially now with no shortage of job seekers, that employers are fielding an influx of resumes and cover letters in a variety of formats, Tcherchian says. Attackers know this and can use the volume of job applications to their advantage.

Often, he says, it’s easy for an HR recruiter to overlook clues and open an attachment or click on a link (often disguised as a LinkedIn profile) that could unsuspectingly infect a workstation or, worse yet, introduce ransomware or some other potentially damaging payload into the corporate network.

With that in mind, Tcherchian says, HR departments should:

  • Be hypervigilant about recruiting: Don’t simply open any and every attachment received from job applicants. Engage your IT and security departments for an additional layer of defense.
  • Revisit policies and procedures: In particular, make sure your “Cybersecurity Incident Response Plan” is up to date and has been rehearsed. Everyone should know their roles.
  • Have security teams review and advise on best practices for tool and application usage.
  • Review and revoke access for employees on a periodic basis: Implement the policy of least privilege. Allow users only enough permission to do their jobs. For hackers, getting through the front door is easy. Don’t make their job even easier by allowing them to roam freely within the enterprise.

“With the recent attack on government agencies, HR departments should heighten their vigilance regarding their processes, especially around candidate recruitment,” Tcherchian says.

To read the full article visit Human Resource Executive.