Cyber-crime poses a risk to every department of every organisation nationwide, and the truth is that anybody with access to the internet has the potential to become a victim. Those working in HR can often be on the frontline of the problem. This means that raising awareness of how to spot a potential cyber-attack can turn your employees from a potential way in for criminals into your most powerful line of defence.
The consequences of a cyber-attack on any level have the potential to be extensive and disruptive. However, those working in HR may be targeted more due to the type of data they possess and what that data is connected to. HR systems process a huge amount of sensitive data about employees and integrate with other critical systems such as bank accounts. These systems are accessible online, meaning a security breach could provide criminals access to an extensive network of information. If all or part of this network is shut down, it has the potential to cause long-lasting disruption to the operation of the company, as well as causing reputational damage due to the compromised data.
Working in HR can make you particularly vulnerable to cyber-attacks because sharing data and information over the internet is widespread practice in the job. This means that you are more likely to be targeted by phishing and social engineering cyber-attacks. Phishing, at its most basic, is when criminals contact you, often via email, and attempt to trick you into doing the wrong thing, such as clicking a malicious link or downloading an attachment. Whilst some phishing attempts are easier to spot, others can be well-crafted to sound legitimate and convincing. The nature of HR means that staff may be more likely to fall victim to one such attempt, for example if a criminal impersonates a potential job candidate or an existing employee.
As well as being aware of how to spot phishing and ransomware attempts, HR employees also have a role to play in monitoring and enforcing good cyber hygiene within the company. HR workers are well-positioned to make decisions about who should access what data, and to promote good standards amongst employees surrounding topics such as strong passwords and guidance on working from home.
Where does Cyber Essentials fit into all of this?
Cyber Essentials is a government-backed scheme that assists businesses with putting technical controls in place that protect their organisation from cybercrime. At its most basic level, it is a checklist to follow that helps you defend against common threats like malware, ransomware, and phishing. The result of this is a certification that leaves your employees, customers, and client base assured in the knowledge that you have considered the cyber security of your company, identified any existing vulnerabilities, and worked proactively to change this. Most cyber-attacks target those businesses that do not have basic technical controls in place, and these technical controls are the ones that you must have to be Cyber Essentials certified. Whilst this does come at a cost to your business, it is very affordable, and a fractional investment in comparison with the potential costs of a cyber-attack.
Choosing to become accredited in this scheme removes the pressure of trying to cover all bases when it comes to cybersecurity, because the requirements are listed for you. The accreditation ensures that you are aware of the common threats facing your organisation and how to spot them if they make it through your defences. It is therefore a valuable option to help strengthen cyber security in all areas of your business.
How can the ECRC help with this?
Becoming a free member of the Eastern Cyber Resilience Centre ensures that you are supported in making the slight changes that make the biggest difference.
As part of your membership, you become enrolled onto our ‘Little Steps’ programme, a weekly email series giving you steps to improve your cyber resilience, delivered in a way that is digestible and accessible to a non-technical audience. For those looking to become Cyber Essentials certified in the future, following this series will leave you compliant with many of the criteria. This allows you to improve your cyber security in increments, which is ideal for businesses working on busy schedules and juggling various priorities.
If you decide to go through with becoming Cyber Essentials certified, the ECRC have several Cyber Essentials Partners who are able to facilitate the accreditation process. However, there are companies all over the UK that can do this for you, and there is no requirement to use one of our partners.
Additionally, the ECRC offers various affordable student services, designed to help you assess, build, and manage your online networks. Delivered through Cyber PATH, these services can help those who feel unaware of their potential vulnerabilities online and assist with developing the right strategies to respond to potential incidents in the future.
If you are unsure or simply want to know more about cyber resilience and what we do at the ECRC, why don’t you book a chat with us today?
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which is not ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).