Dive Brief:
- HR leaders today are being asked to join their company's cyber defense as part of an overall “boots on the ground," front-line effort, according to Workforce.
- By its nature, HR is loaded with valuable personal and corporate data, systems and processes that cyber criminals regularly seek.
- HR, despite its limited technical expertise, needs to work with IT, C-Suite and other stakeholders to create strategies that help protect sensitive data and offer a buffer from cyber attack risks, Workforce reports.
Dive Insight:
There are several HR-related areas where data security is a potential risk. One is the cloud, where cost and convenience have driven many HR operations to third party-hosted servers. A recent worldwide survey of 1,100 senior IT security executives, for example, found that 85% have sensitive data parked in the cloud and 70% admitted data security in the cloud concerns them.
Another risk is today's cyber criminals masquerading as senior management via email (also known as “spoofing”), trying to trick HR staff into unleashing payroll data or sensitive IRS documents (W-2s). They may even hold a company hostage via ransomware.
Bottom line, HR leaders can't be complacent because cyber criminals don't rest. HR needs to get involved and learn how it can help stave off cyber attacks and boost data security. Most of all, HR needs to offer proper training to its staff, and by extension, export cyber risk management training efforts across the workforce.