How can I protect my HR team from cyber criminals?

The value of HR data cannot be overstated – within the past few weeks yet another large-scale ransomware attack, this time against the British Library, has centred on the threat to publish sensitive personnel data unless a £500,000 ransom is paid. A spokesman for the British Library has said that they are

“aware that some data has been leaked, which appears to be from files relating to our internal HR information”

Most cyber vulnerabilities are connected with your own staff

They added

“The outage is affecting our website, online systems, and services, as well as some onsite services including our reading rooms and public Wi-Fi. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.”

More and more, Human Resources teams are finding themselves on the frontline in the war against cybercriminals. And it’s easy to understand why. HR and recruitment agencies receive thousands of emails and file attachments from job seekers and aspiring talent. Because there is no way HR staff can avoid reading the emails or opening file attachments, this vulnerability makes them an ideal target for cyber criminals and hackers.


The HR department of any organisation also holds vast amounts of sensitive personal data and financial information, which by itself makes it a prime target for cyber criminals. There’s personally identifiable information such as home addresses, bank details, dates of birth and National Insurance numbers that criminals can collect and use for their nefarious activities. Not only can they attack or target employees personally, but they can also use this information to launch phishing attacks against the business or its partners in the future.


All in all, with cyber-attacks continuing to rise, the HR side of the business needs to ensure that it is doing everything it can to protect itself and its data from the menace of cybercrime. And a really good place to start is to make sure that those employees are fully aware of the current trends in cybercrime.


Security Awareness Training


The Eastern Cyber Resilience Centre was set up in 2021 as a government-funded, police-staffed company. That means we operate with a public service ethic, putting the needs of our members above all else. We offer a number of free and affordable Cyber Security and Resilience Services that are designed to help businesses and their staff have the right strategies to respond to cyber incidents efficiently and mitigate any potential damage a cyber-attack may create.


Regular cyber training should be a priority for all businesses


Through Cyber PATH, local university students are trained and mentored by senior ethical hackers, to deliver all our services and to work with staff to build their cyber awareness, understand the latest cyber threats and secure the business’s online environment.


Our Awareness Training focuses on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules, using real-world examples. We tailor our Security Awareness Training to each individual audience to provide the right level of skills and context for your business. We can deliver training to any sized group, in-person, remote or a hybrid of the two.


The trainers are highly knowledgeable, personable, and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions. Below are testimonials from businesses who have already had our Awareness Training:


For just a few hundred pounds, you can help to protect your company against a cyber-attack that ultimately could cost you thousands.


Our Security Awareness Training covers a wide range of cyber security topics, including social engineering, ransomware, and phishing attacks. The training provides simple and effective knowledge for people to understand their environment and provides the confidence to challenge when something doesn’t look right.


Organisations that have taken out this affordable service have been really complimentary about the training that they have received. As one of our members said:

“The Cyber Path Student was a confident and knowledgeable presenter who put all attendees at ease and led a thoroughly enjoyable and hugely useful and informative session. Time well spent!”

What’s next?


Here at the centre, we would advise you to do three things now:

Join the ECRC as a free core member. Start implementing some simple changes now and start protecting your organisation, staff, customers, and supply chain.


Contact us to arrange a meeting to discuss providing Security Awareness Training for your company.

We are already working with over 1200 organisations across the East of England to help them tackle the continually changing cyber threats that they face. So come and join our community as free members and let us help you protect your organisation from the ever-present threats out there in the cyber-verse.


Reporting a live cyber-attack 24/7


If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.


Reporting a cyber-attack which isn't ongoing


Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Service (SERS) set up by the NCSC at: report@phishing.gov.uk

Text messages can be forwarded to 7726.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published in this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.