Employing trouble? HR teams emerge as key targets for cyberattack

Employing trouble? HR teams emerge as key targets for cyberattack

Some professions are more susceptible to cyberattacks than others. Regardless of the type of business and the security protocols in place, cyberattackers will seek out a company’s weak spots.

HR professionals have been thrown into the deep end due to the COVID-19 pandemic. Staff furloughs, remote working and significant changes in the way people work have all become challenging, testing the traditional working formulas.

According to IHS Markit, Dubai’s Purchasing Managers’ Index has jumped to 53.2 in July from 51 in June. A number greater than 50 implies that the economy is expanding, while a reading of less than 50 indicates that it is contracting.

With such a positive outlook, it is not surprising to see that the index also states that the employment growth of the emirate has picked up to a 20-month high, posing yet another challenge that HR representatives need to overcome. As more hires are needed, the computers of Human Resources professionals (HRs) are especially at risk of cyberattacks, as they are easily accessible and in contact with a wide range of individuals. Their contact details are often present on the business website and on professional networking platforms.

They are also high-value contacts because HR is the custodian of valuable company information. They have access to – and protect – company intellectual property and personnel information across levels. And this data is highly valuable to cyberattackers.

Here are three ways in which HR professionals are vulnerable to attack, according to Kaspersky. 

Incoming mail: Cybercriminals penetrate the corporate security perimeters by sending an employee an email containing a malicious attachment or link. Opening this link can release a virus, which can download personal files.

Access to personal data: HRs have access to all personnel data held by a company. By compromising a HR employee’s mailbox, access is opened.

Email hijacking: Here, a senior staff member’s mail account is hacked. It sends out emails to colleagues requesting fund transfers or the forwarding of confidential information.

Employees are the first line of defence but according to Kaspersky’s cybersecurity awareness training whitepaper, more than 80% of all cyber incidents are caused by human error, explained Ara Arakelian, HR manager for Middle East, Turkey and Africa at Kaspersky. This is why it is crucial for organisations to build a culture around cyber readiness by implementing training solutions.

To minimise the likelihood of intruders penetrating an HR department, Ara recommends the following tips:

Employee-focused security measures such as employee engagement and training on cyberattacks.

Identify compromised file formats that come through, looking like resumes and work samples.

Install updates and ensure that anti-virus protection is always on.

Isolate HR computers on a separate subnet. If one computer is compromised, the threat cannot spread.

Store personal data on a different server, not on HR department computers.

Update software on HR computers regularly and maintain a strict and easy-to-follow password policy.

Click below to share this article

Browse our latest issue

Intelligent SME.tech

View Magazine Archive