How can I protect my HR business from cyber criminals?

Today, Human Resource departments and standalone companies providing outsourced HR support are at the frontline in the war against cybercriminals. And it’s easy to understand why.

HR and recruitment agencies receive thousands of emails and file attachments from job seekers and aspiring talent. Because HR staff cannot avoid reading these emails or opening the attachments, they are an ideal target for cyber criminals and hackers.

The HR department of any organisation also holds vast amounts of sensitive personal data and financial information, which by itself makes it a prime target for cyber criminals. There’s personally identifiable information such as home addresses, bank details, dates of birth and National Insurance numbers that criminals can collect and use for their nefarious activities. Not only can they attack or target employees personally, but they can also use this information to launch phishing attacks against the business or its partners in the future.

In fact, this is exactly what happened in 2018 when a well-known UK business’ online recruitment system became the target of a cyber-attack. The data leak that followed exposed biographical and contact details stored in their databases, which subsequently affected other parts of their organisation. The cost to the business is estimated to have been in the hundreds of thousands of pounds to fix.

Recruitment agencies and HR teams also store intellectual property such as scans of personal documents and a list of top talent for a particular job role or industry, for example. All in all, with the threat of cyber-attacks continuing to rise, your business needs to ensure that it is doing everything it can to protect itself and its data from the menace of cybercrime. And a really good place to start is to ensure that your website is secure and doesn’t allow criminals to access your network.

What is an FSWA and how can it help my business?

The First Step Web Assessment (FSWA) is a service that can directly impact your website security and help you in the continual fight against cyber criminals. The service itself conducts a light touch assessment of your website’s security setup. It is conducted by a team of trained university graduates within the Cyber Path program, who support the national network of Cyber Resilience Centres.

The current fee for the service is only £180.00 and has been set to reflect the fact that many companies cannot afford to spend huge sums of money to protect their assets. You may even qualify for a further discount depending on your company’s size and sector.

We will usually look to turn this service round in a few weeks and all we need is your website address (URL) to get going.

Our team use both passive and active reconnaissance techniques to assess your website, looking at how a cybercriminal would identify a vulnerable site. Passive reconnaissance seeks to gain information about your site without actively engaging with it, identifying outdated components and software that has been used to build it. The service then undertakes active reconnaissance through the use of automated scans to identify vulnerabilities not found through the initial tests.

You will then receive a short non-technical report (2-3 pages) to show any risks found on the site. The report will allow you to consider the risk and encourage further discussion with the site's developer/IT/host provider to help bolster your security further.

What should I do now?

Here at the centre, we would recommend that you consider joining our community today as one of our growing number of free core members. You will be supported through implementing the changes you need to make to protect your organisation.

So take a look at the First Step Web Assessment service and find out what you need to do next to make your business a no-go zone for cyber criminals. If you would like to know more about this or any other service, why not book a chat with us today?

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
