As National Cybersecurity Awareness Month comes to a close,
it is crucial that HR professionals be aware of potential cybersecurity risks
and know the steps they must take to protect sensitive employee data.
Photo Source: law.georgetown.edu
Cybersecurity attacks are occurring more frequently and
becoming more serious.
In September, Yahoo confirmed that hackers had compromised
at least 500 million user accounts, making the incident the largest data
breach from a single site in history. On Oct. 18, Yahoo CEO Marissa Mayer
stated in a release that she remains confident of Yahoo’s value and ability to
keep its users despite the breach, which analysts believe might thwart the
company’s plans to sell its core business for $4.83 billion to Verizon.
Security breaches can be expensive for companies. The
total annual cost of cybersecurity crimes is $8.5 billion, and the cost for an
individual company is about $200,000, according to research published in the
Below are the most commonly occurring cybersecurity crimes:
- Ransomware: Occurs
when criminals infect computers with malicious software that then blocks
the user from accessing the computer system until a ransom is paid.
- Onion-layered security incidents: Occurs when a company’s security team begins to
investigate a visible security breach, only to discover hidden, more
damaging attacks in other parts of a company’s systems, according to an IBM
report. These attacks are sometimes found when an unsophisticated
hacker—or “script kiddie"—commits an easily discovered breach
and security experts dig deeper to find that more stealthy, skilled
attackers have already exploited a company’s vulnerability, IBM said.
- Insider threats: Also
known as disgruntled employees. These "malicious insider”
attacks occur when a peeved employee or ex-employee who has access to
logins and company data goes in and fouls up a company’s computer network.
“The average business is unaware and unprepared that it’s being
hit with more than 10,000 attempted
intrusions a day, and the number of these attacks are growing,” said
Knight, chief executive officer of
SimpleWan in Phoenix. SimpleWan is a cloud-based security-monitored firewall designed for IT and service
“When a data breach does occur, it can take months to discover
it,” Knight said. “The days of small businesses not taking data breaches seriously are over.”
What steps can HR professionals urge their companies to take in order to
avoid expensive and embarrassing cybersecurity breaches? Here are some
suggestions from IBM and others:
- Regularly back up your data in case your company experiences a ransomware attack.
- Educate your staff so they are aware of the different types of cybersecurity incidents and how to avoid them.
- Keep your systems updated so they have fewer security
- Stay alert by using products that let you know if intruders are trying to infiltrate your computer systems.
- Encourage your IT staff to create operational procedures just in case you need to respond to potential cybersecurity threats and attacks.
- Enforce good password policies, including requirements that passwords be changed periodically, and prohibit password sharing.
- Institute two-factor authentication. For example, have
employees respond to a text message on their smartphone whenever they try
to access your system.
- When employees are terminated, immediately cancel all
their credentials, including password logins.
- Keep in mind that the wide use of smartphones and Wi-Fi
networks can pose an additional threat to your systems because criminals
can exploit them to get to your data.
- The National Cybersecurity Alliance offers free security checkups and tools that may be useful for smaller
companies that do not have dedicated security teams.
"If a small business has an ‘It can’t happen
to me’ approach, I guarantee they are a target for a cyber threat,“ Knight
added. "In addition to an increase in the volume of hacking, the scams are
becoming much more sophisticated, and the landscape is changing regarding culpability.
Organizations and governments are starting to hold businesses responsible for
protecting customer privacy"—something HR professionals should keep in
Article source: http://bit.ly/2eGUoYe
affects our daily lives especially within the business world and proactively securing
cyber activity will only benefit organizations no matter how big or small.
article highlights these points and also states ways to protect your online
life including backing up information, frequently updating all systems and much
though our focus in geared toward HR, cyber security needs to be every
industries priority because we all depend heavily on technology.