The COVID-19 crisis reshaped businesses of all sectors overnight, forcing them to change their organisational structure and transition to working from home. When adapting and responding to uncertain times, the role of the Human Resources team is more important than ever to provide the necessary support and communication to concerned employees.
To be successful in this ‘new normal,’ HR leaders need to turn their attention towards recovery, and a priority within this mindset must be cybersecurity. With twice as many ransomware incidents occurring at the peak of the pandemic, vulnerable businesses remain a key target for cyber attackers. However, by reinforcing the importance of IT security and implementing innovative tools, HR teams can stay one step ahead.
There is extra pressure on HR teams to oversee remote workforces, ensuring employees have the correct equipment and adequate measures are in place. However, 58% of businesses believe that employees are more likely to avoid security protocols at home – including the use of personal laptops, inappropriate use of business equipment and failing to change passwords. By setting expectations and controls from the beginning, including restricting access to unsuitable websites and keeping employees engaged, HR managers can appropriately manage their teams.
It is clear that there remain challenges in preserving security infrastructure from home, especially with the combination of innovative hackers and untrained employees, but by deploying the right security procedures across all employees’ workstations, these threats can be alleviated.
Complying with GDPR
Personal information, such as health records, CVs and financial statistics are shared and sent daily via email by HR teams, yet, this data is highly valuable for cyber attackers. Additionally, the sensitive information handled by HR teams must abide by the General Data Protection Regulation (GDPR), which places even more emphasis on keeping this information safe, as if it was to be stolen, businesses can receive fines up to 4% of their annual turnover, as well as the damaging effects it can have on business reputation.
Sharing private documents via email is a risk in itself, as 94% of malware is delivered by email. While working under pressure and away from the help of IT teams, employees can potentially neglect double-checking their email before it’s sent, which could have devastating consequences if an incorrect attachment or recipient is included. However, there are modern solutions available which offer teams that critical double-check.
By utilising innovative technology, HR teams can fortify the importance for employees to check their emails for mistakes and spot potential phishing emails. Digital tools, for example, VIPRE’s SafeSend, alerts the employee before clicking send on an email to confirm that it’s going to the right person with the correct attachments. This easy safety check can also support workforces by distinguishing safe and potentially dangerous emails from one another, highlighting any external email domains which falsely appear as if they have come from someone internally, such as the HR department.
To ensure confidential emails are sent securely to those within and outside the organisation, email encryption can play a vital role so that data is not intercepted in transit. Additionally, tamper-proof email archiving solutions allow communications to be stored securely away, safe from deletion. This tool can also assist HR teams in locating past email communications for use in internal investigations or employee disciplinary procedures.
According to a study by IBM, human error is the main cause of 95% of cybersecurity breaches. It is pivotal that Human Resources teams underpin their security infrastructure with an educated cyber aware culture within the workforce. By undertaking Security Awareness Training (SAT) programmes, employees can better understand the role they play in helping to combat security risks.
HR teams have an essential role to play in choosing and implementing the correct SAT programme to reflect the skills gap within their workforce. The frequency of the training, the engagement, modules and available reports to demonstrate improvement must be considered when picking the right programme in order to increase employee vigilance for the future. Additionally, HR departments should also receive ongoing training, concentrating on mitigating the financial, legal and reputational threats that come with cyberattacks, so that all areas of the business remain up to date when it comes to security.
HR departments must realise that sitting on confidential and personal information makes them a prime target for hackers, so it’s therefore time to prioritise. With the rising number of security attacks and sophisticated methods, teams must act now and deploy a layered security approach to keep sensitive data secure and train workforces to identify, spot and react proactively to any potential attacks. With the right strategy in place, HR teams can implement the right steps to safeguard their information and maintain data privacy.