How HR professionals can help prevent cyber attacks
Jonathan Dungan, October 15, 2018
Cyber attacks and data breaches are something all HR professionals should prepare themselves for
New research from 247meeting found that a quarter of employees have experienced some kind of security breach during their career. That figure is both astonishingly and worryingly high. Is this the result of more sophisticated hacking techniques? Or are businesses simply too relaxed in upholding security measures?
Knowing what to do in this kind of event can be difficult. The first question on everyone’s lips is 'how did this happen?' The data goes on to demonstrate how 26% of employees that have access to customer data haven’t been trained on the GDPR, which should be our first clue.
Many people believe that the threat of cyber attacks and data breaches doesn’t apply to them, or that their company is too small to be affected. This is a typical example of optimism bias (better known as 'it won’t happen to me' syndrome). But everyone is susceptible to cyber attacks and data breaches regardless of company size.
Personal data is a highly-lucrative commodity in today’s world, and IT departments shouldn’t have to bear the sole responsibility of ensuring their company’s data is safe. So what can HR teams do to pull their weight and lend a hand?
The first step should be to refresh employees’ knowledge of the company's IT security policy, as our data shows only 13% are confident that they remember all of it. Save it in a place that’s easily accessible should staff need to refer to it, or hold meetings on it to reinforce the document’s importance in the employee collective consciousness.
One of the simplest and most effective ways to prepare for extreme scenarios is to host quarterly training sessions. This guarantees employees are aware of the dangers of being too lackadaisical with customer and company data and how best to respond.
Train staff on how to protect customer data even if they aren’t directly working with it. Employing simple practices like changing passwords regularly, ensuring they’re unique across all work programmes, and locking computers when away from desks can help.
With regards to confidential calls, one in four senior managers have experienced a stranger on their conference call; a worrying statistic considering many have confessed to talking about business issues, salaries and sensitive company information while on the phone.
Our research shows that senior managers are also sharing their conference call PINs with other colleagues in spite of the highly-sensitive information that’s regularly discussed. While sharing a conference call PIN may not seem very risky, it may become the catalyst of a major security breach should the wrong person overhear private information. Companies can introduce smarter conference calling by utilising an app version, providing more security than landline services by decreasing the likelihood of a stranger joining in on the call.
HR managers should enforce a set of rules to ensure information isn’t leaked over the phone, via email, or online. Face-to-face communication is by far the safest means and should be the first solution whenever and wherever possible.
Cyber attacks and data breaches can happen to anyone at any time, so it’s better to be prepared for these events rather than to panic should they occur. Keeping customers informed and vigilant must also be a big part of the security process. This guarantees that as long as your employees are taking the right precautions, customers cannot point fingers.
Jonathan Dungan is an executive at 247meeting