Recruitment, hiring, onboarding, training … There are many terms and processes present in the career of HR managers, but it is good that they get used to one more: cybersecurity. Gone are the days when protecting corporate databases was a matter for the IT department alone. With the advancement of technology and the evolution of teleworking, the Human Resources area must also be alert to possible cyber attacks.
Hacker invasions have been increasing in recent years, but in 2020 there was an exponential growth, considering that, with teams working at home, due to the coronavirus pandemic, access to companies’ information systems presents a much greater vulnerability . Kaspersky, a Russian cybersecurity company, pointed out in a recent survey that attacks on remote access tools increased 333% between February and April.
Several companies have already suffered from the invasion of cybercriminals to the systems. The most common scam is to hijack data and leave the internal network encrypted, then ask for a ransom to release the data and prevent the stolen information from being sold to the competition or becoming public on the deep web, as explained in the article published in the The Country Brazil.
As employees went abruptly and disorderly to remote work, due to the pandemic, the companies were unable to offer the same security structure practiced in the offices. With non-certified networks, open routers and a greater volume of connections in the neighborhood, cybersecurity has been hit hard. Even with the private communication network (VPN), data is not safe from malicious attackers.
Absence of policies
Despite the great risks, about 40% of Brazilian companies do not have established cybersecurity policies or have not informed their employees of their existence. This is what another Kaspersky report says: only 45% of Brazilian organizations have already implemented rules for this area, while 15%, despite already having them, do not oblige professionals to comply with them.
It is worth remembering that in January 2021, the General Law on Protection of Personal Data (LGPD). The normative provision aims to regulate the way companies use and store customer, employee and user data.
Thus, organizations must take a series of measures, the main ones being the improvement of its digital structure and the formation of a team specialized in the area, in order to guarantee compliance with legal requirements. It is also recommended the development of internal policies, data protection strategies and the adoption of action plans to manage eventual crises involving security and privacy of users.
How to turn the game around?
Data hijacking, payroll fraud, counterfeiting, corporate espionage … The attack by cybercriminals can create a lot of headaches for companies, both in financial terms, in terms of image and reputation.
Given this scenario, it is crucial to take precautions as soon as possible with HR having a key role in data protection. Following are six tips to implement in the organization and ensure more cybersecurity.
Partner with TI
It is vital that HR and IT have an open and consolidated communication channel with everyone aware of their role in the occurrence of incidents. HR is not only the last line of defense against attacks, it must strengthen cybersecurity policies across the company as a whole. Having IT support to detect suspicious activities, train and support other employees is very important.
Assemble an information security team
The ideal would be to create a virtual security team in the company that combines technology, policy and procedures to ensure that each employee understands their responsibility. In addition, they must be on standby to assist employees when they detect something suspicious.
Know the basics
HR professionals don’t need to know all the technical details, but it would be useful to learn the basics of cybersecurity and LGPD. The most relevant is to control user access. Ideally, the team should have only the necessary access to software, programs, online services and connectivity programs to perform its functions. Extra permissions should be given only to those who really need it, and procedures such as data makeup and encryption can help with security.
Organize policies and procedures
The well-defined control policy must be part of the onboarding process and HR must promote regular updates and revoke access when the employee leaves the organization. Attention is still needed with the use of remote equipment. Define a device usage policy in line with security measures to protect information processed and filed outside the workplace.
Invest in team training
All employees must receive a kind of literacy in cybersecurity. They have to be aware of the importance of protecting information, know policies and procedures and know how to act in the face of threats. Schedule trainings that teach essential security practices on devices and web browsing, such as not opening email attachments sent by anonymous senders, not clicking links without checking destinations, using only authorized cloud services and not repeating the same password for different accounts. Classes can be taken online.
Prioritize monitoring
Companies need to be ready to detect threats at an early stage. While technical procedures are in place to resolve the breach of the system, HR needs to know what procedures should and should not be taken by the teams. Have an emergency plan in place in case of data leakage or other cybersecurity issue. Also make sure that employees know who to contact when facing such incidents.
Did you find the suggestions in this article interesting? So, learn more about information security in the home office.
