22 April 2021

The pandemic has forced businesses to revise their working processes; from shifting overnight to a remote working model and operating in a challenging economic climate, many companies were unprepared for these transitions. However, these changes highlight the important role of Human Resource departments in communicating and responding to the necessary adjustments and helping employees through the process.

As HR departments reconsider how they strengthen their organisations, front and centre to that shift needs to be IT security, underpinned by digital tools and a cyber-aware culture. With a 31% increase in cyberattacks during the height of the pandemic, reinforcing cybersecurity should be at the top of HR’s agenda.

Managing dispersed teams

With decentralised workforces, there is extra pressure for HR teams to effectively manage their employees. As the ‘Bring Your Own Device’ phenomenon creates a security concern due to the lack of consistent security software, as well as the pressure of staff feeling the need to work harder, faster and for longer, it’s no surprise that mistakes will be made.

Recent research has found that more than half of businesses believe working from home has made employees more likely to circumvent security protocols, such as failing to change passwords. Inappropriate use of business equipment might also be an issue, including browsing unsuitable websites, which must be managed with the appropriate controls, such as blocking access to websites that could drain productivity.

With the combination of untrained employees and creative hackers, the challenges of maintaining security are evident. However, by implementing the correct security solutions across all employees’ devices, these risks can be mitigated.

Protecting employee data

As well as managing their employees, Human Resource departments have a vital role to play in keeping information safe. HR managers deal with sensitive information daily, including health records, financial information and employee’s CVs – a gold mine for cyber hackers.

Additionally, the personal information stored within HR must comply with General Data Protection Regulation (GDPR), meaning that if this data was to be stolen by cyber hackers, the consequences could be devastating. New results found there was a 19% increase in the number of breach notifications, from 287 to 331 breach notifications per day.

Email is a key communication channel for HR managers to share this personal information – which is a risk in itself. The repetitive nature of email usage means that users can often forget that without the right protocols in place, email can be a window to serious cybersecurity breaches. However, luckily there are digital tools available that offer that critical second check.

Heightened email security

Throughout the pandemic, there has been an increase in the number of attacks using COVID-19 as a lure to vulnerable employees. Also, email addresses of those in HR are typically made publicly available for job applications, which is also an open opportunity for malicious attachments, disguised as CVs perhaps, to be sent.

HR teams can support employees to avoid not only making mistakes, but also be wary of potential email attacks, by deploying innovative technology. Digital tools, such as VIPRE’s SafeSend, provide a simple safety check, prompting the user prior to sending an email to confirm it is correct – going to who it should, with the right information. Such tools can also help in the event of a phishing attack by highlighting external email addresses which try to look like they have come from someone internally.

SAT programmes

Employees themselves are often the number one gateway for cyber-attacks. According to CISOs, human error has been the biggest cybersecurity challenge during the COVID-19 pandemic. It’s more crucial than ever for Human Resources to reinforce the need for a strong cyber aware culture, and this can be done through security awareness training programmes.

HR teams are often involved in implementing the right programme to suit the needs of their workforce. Key considerations should be around the frequency of training, how engaging the training is and the reports available to show improvement over time.

As well as implementing training for their employees, HR departments should also receive their own continuous training, which focuses on mitigating the legal, financial and reputational risks that come with cyber-attacks. Not only will training mean employees are aware of how personal data should be handled, but it will also increase accountability.

Conclusion

Covid-19 has presented new challenges to human resources teams but has also changed the future of the workplace. However, among these many transitions, cybersecurity must remain a priority. As threats continue to become more advanced and target those who are vulnerable, it is the job of HR to act now and deploy a layered approach to cybersecurity in order to keep sensitive data safe. Above all, for this secure infrastructure to be effective, employees must understand their responsibility when it comes to cybersecurity by taking a proactive role in keeping business information safe.