In an age where technology impacts almost everything we do, advo hr looks at cyber security and the necessary steps that employers should take to minimise risks to their employees and their businesses.
More often than not we use technology every day, whether that is at work, at home or on the move with mobile devices. With an increase in use and security being improved continually, cyber criminals are now having to change their approach. This means specific people, usually senior managers in the business, or departments such as Finance and HR may be targeted due to their positions within the organisation.
A recent article from CIPD named ‘Why HR is the cyber criminals’ latest target’ looks into the importance of ensuring all departments, especially HR, are very strict in terms of the cyber security.
The article explains the importance of introducing mandatory training in cyber security. This would need to cover, but not be limited to, the Company’s IT policy, how and what the Company’s devices can be used for, who can access data, protocols regarding passwords and the frequency that these should be changed.
Here at advo we take cyber security seriously and have introduced mandatory training in cyber security for all of our staff. Our own in-house systems have been created with many layers of security which are built into our systems and ensure the safety of our networks and our clients’ data.
Whilst systems, firewalls and security help to minimise the risk, people are the main reason for any cyber-attack. We are all busy and working quickly through our emails hence this is why cyber criminals use this as a way of spreading viruses. For example, it would be very easy to imagine receiving an email and quickly click a link without considering the sender’s email address, any attachments, links or the tone or language to see if it is a legitimate email. Slowing down will help employees take the time to consider if an email looks suspicious and if it doesn’t seem quite right, to report it to the relevant person.
A parting example of how easy it is to fall into the phishing email trap was provided by the CIPD. A cyber consultancy implemented a phishing test to demonstrate how trusting people are and to highlight the need to be suspicious. An email, supposedly from the HR department at the company, was sent to everyone informing them that due to a spate of lunch thefts, they had installed a webcam in the fridge. The email contained a link which employees were prompted to click, hoping that they would be able to see their lunch in the dark fridge! Many people clicked the link desperate to see if their lunch was still where they had left it that morning. If this was a real cyber-attack, the company would have been in trouble!
If you would like more advice on this subject or support in any area of HR please contact advo hr’s Carly Gregory on firstname.lastname@example.org.