
I work in HR – why do I need to be concerned about cyber security?

Today, HR departments and standalone companies providing outsourced HR support are at the frontline in the war against cybercriminals. And it’s easy to understand why.


HR and recruitment agencies receive thousands of emails and file attachments from job seekers and aspiring talent, making them an ideal target for cyber criminals because they cannot avoid reading emails or opening file attachments.

The HR department of any organisation also holds vast amounts of sensitive personal data and financial information (as seen in the above case study), such as home addresses, bank details, dates of birth and National Insurance numbers, that criminals can collect and use for their nefarious activities.

Earlier this year, WH Smith fell victim to a cyber-attack which saw hackers gain access to confidential employee details like names, addresses, National Insurance numbers and dates of birth. The leak included details of both current and former staff members.

Not only can criminals attack or target employees personally, but this information can also be used to launch phishing attacks against the business or its partners in the future.

What can I do to increase my organisation's cyber resilience?

Here at the centre, we would advise you to do three things now.

  1. Join our free community membership and you will be supported through implementing the changes you need to make to protect your business and your customers.

  2. Take a look at the NCSC’s Cyber Action Plan - a great starting questionnaire to highlight the key areas of cyber resilience which you need to consider.

  3. For all organisations in the Eastern region we would recommend that you look at improving your overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government-backed kitemark standard for cyber security. As a free member we will take you as far as the CE accreditation process. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. And if you want to pay for the assessment, we can refer you to one of our Cyber Essentials Partners – all regionally based cyber security companies that can help you become accredited.

  4. We would also recommend that you speak to your Managed Service Provider and/or website company to discuss how they can implement cyber resilience measures on your behalf.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Report a phishing attack

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Service (SERS) set up by the NCSC at:

Text messages can be forwarded to 7726


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
