Today, HR departments and standalone companies providing outsourced HR support are at the frontline in the war against cybercriminals. And it’s easy to understand why.
HR and recruitment agencies receive thousands of emails and file attachments from job seekers and aspiring talent, making them an ideal target for cybercriminals because they cannot avoid reading emails or opening file attachments.
The HR department of any organisation also holds vast amounts of sensitive personal data and financial information (as seen in the above case study), such as home addresses, bank details, dates of birth and National Insurance numbers, that criminals can collect and use for their nefarious activities.
Earlier this year, WH Smith fell victim to a cyber-attack which saw hackers gain access to confidential employee details like names, addresses, National Insurance numbers and dates of birth. The leak included details of both current and former staff members.
Not only can criminals attack or target employees personally, but this information can also be used to launch phishing attacks against the business or its partners in the future.
What can I do to increase my organisation's cyber resilience?
Here at the centre, we would advise you to do three things now.
Join our free community membership and you will be supported through implementing the changes you need to make to protect your business and your customers.
Take a look at the NCSC’s Cyber Action Plan - a great starting questionnaire to highlight the key areas of cyber resilience which you need to consider.
For all organisations in the Eastern region, we would recommend that you look at improving your overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government-backed kite mark standard for cyber security. If you are a free member, we will take you as far as the CE accreditation process. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. And if you want to pay for the assessment, we can refer you to one of our Cyber Essentials Partners – all regionally based cyber security companies that can help you become accredited.
We would also recommend that you speak to your Managed Service Provider and/or website company to discuss how they can implement cyber resilience measures on your behalf.
Reporting a live cyber-attack 24/7
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which isn't ongoing
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Report a phishing attack
If you suspect a phishing attack, please report it to the Suspicious Email Reporting Service (SERS) set up by the NCSC at: email@example.com
Text messages can be forwarded to 7726.