HR is integral to any organisation. From managing the recruitment and retention of employees to facilitating workplace learning and development, it is a role that embeds itself at the heart of a company. Whether HR is the sole purpose of your business, or has its own department within your company, it is important to make sure that you are aware how and why you could be targeted by a cyber-attack or data breach. Specialising in HR allows you access to a wealth of sensitive information about employees, as well as potentially handling financial data relating to payroll or expenses, all of which is highly valuable to cyber criminals. A successful cyber-attack could see your company locked out of its systems, having its data stolen, or potentially having finances being stolen directly. However, whilst those working in HR may be a target for criminals, with sufficient awareness and training, they can become one of the strongest human defences in terms of spotting and avoiding a potential breach or attack.
What could a potential cyber-attack look like?
The most common method used to commit cyber-attacks is phishing. Phishing involves using social engineering tactics via text, email, phone call or QR code, with the aim of tricking the recipient into doing something such as downloading an external attachment, visiting an untrustworthy website, or revealing personal information. This makes those working in HR vulnerable, as receiving documents via email and communicating with job candidates or employees is a regular part of the job. Criminals can impersonate a new or current employee in a way that appears very convincing and legitimate and could go unnoticed. However, if an email has malware embedded in it, downloading attachments, or clicking links, can compromise the security of the organisation. Other methods used by criminals, include fake security checks from frequently used websites. These bogus security checks can ask employees to input their login credentials, which can then be captured and used to access company systems. Additionally, there are also cyber behaviours that can increase the risk of falling victim to a cybercrime. Using unauthorized devices for work purposes, accessing unauthorized websites, or having poor password hygiene are all things which can make anybody, not just HR, vulnerable to a breach.
What is SAT and how can it help?
Whilst cyber-attacks present a financial and reputational risk to organisations, undertaking security awareness training can significantly reduce the risk of a successful attack. If people understand the different forms that cyber-attacks can take, it increases alertness and makes them easier to spot. Additionally, understanding what good cyber hygiene looks like can cement good behaviours within the workplace, even more so when people understand why they are important.
Security Awareness Training (SAT) is offered by the ECRC as an affordable way to start an open dialogue amongst your staff about all things cyber-crime. This is delivered by students working as part of CyberPATH programme. Through CyberPATH, students are trained and monitored by senior ethical hackers to provide a selection of cyber services to businesses, which supports the future cyber talent pipeline and keeps the cost to a minimum.
Training can be issued across either a full or half day and is tailored to the needs of its specific audience. It is designed to be contextually relevant and accessible for all abilities. This could include talking about the most common cyber-crimes committed against those working in HR, as well as common features of phishing emails and suspicious requests. Thorough training allows a company to increase cyber resilience as a collective and can transform staff from being a vulnerable access point into an effective line of defence against an attack. SAT also educates people on the best practices of staying safe, such as secure passwords and MFA, and teaches them why the way they conduct themselves online matters. Police Cyber Protect officers can also deliver SAT free of charge and offer engaging activities such as an online Cyber Escape Room.
Additionally, there is an offer available for micro businesses and sole traders interested in SAT. Rather than an in-person session, CyberPATH offer a 2.5-hour remote training session, at a fixed cost of £60 for one person, with any additional person costing £10. This is optimal for smaller companies, who wish to gain a thorough overview on how to keep themselves safe online.
What else can the ECRC do for me?
Signing up as a free member of the ECRC ensures you are supported in making impactive choices to improve your cyber resilience. Our free membership enrols you onto our ‘Little Steps’ programme, a weekly email series delivering informative and proactive steps into your inbox, designed to be succinct and accessible. Our communications also signpost you towards the free resources that exist to support SMEs with their cybersecurity needs, which can be accessed from our website here.
Additionally, the ECRC offers a handful of other affordable cyber services, all delivered by CyberPATH students. These include various vulnerability assessments that look at aspects of your organisation’s online presence at different depths. These are ideal for those who want clarity on their current cybersecurity position, in terms of existing vulnerabilities and the subsequent steps to manage them. All services are concluded with an accessible report detailing the findings and suggestions on how to manage any concerns that have been identified.
If you would like to know more about how the ECRC can help, or if you have any questions at all, please contact us today or book a chat here.
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.
Reporting a cyber-attack which isn’t ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050)