Welcome to our Cyber Security News Aggregator.

Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Human Resources – top 10 tips to ensure you stay one step ahead of the cyber criminals

published on 2022-04-21 10:56:19 UTC by

Why are HR and recruitment firms highly vulnerable to cyber-attacks?

HR and recruitment agencies receive thousands of emails and file attachments from job seekers and aspiring talent. Because there is no way HR staff can avoid reading the emails or opening file attachments, this vulnerability makes them an ideal target for cyber criminals and hackers.


The HR department of any organisation also holds vast amounts of sensitive personal data and financial information, which by itself makes it a prime target for cyber criminals. There is personally identifiable information such as home addresses, bank details, dates of birth and National Insurance numbers that criminals can collect and use for their nefarious activities.


Not only can they attack or target employees personally, they can also use this information to launch phishing attacks against the business or its partners in the future. In fact, this is exactly what happened in 2018 when a well-known UK business’ online recruitment system became the target of a cyber-attack. The data leak that followed exposed biographical and contact details stored in their databases, which subsequently affected other parts of their organisation. The cost to the business of fixing it is estimated to have been in the hundreds of thousands of pounds.

Recruitment agencies and HR teams also store intellectual property such as scans of personal documents and a list of top talent for a particular job role or industry, for example.

Ok but what can I do about it?

What we intend to show you here are a few tips to get the ball rolling in your own organisation and start making it harder for hackers to steal, destroy or hold you to ransom over your data.


And remember small is not safe – many attacks are conducted by bots that randomly search for vulnerabilities in networks and then report back to their criminal masters when they find them. If you haven’t patched the latest security updates you can put yourself and your organisation at real risk.

So, if you work in any part of the HR or recruitment industry, read on!

  1. Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable.
  2. Consider using a password manager for your staff to use. They remember just one strong password and the password manager remembers the rest. Watch our short video to find out more.
  3. Enable two-factor authentication (2FA) wherever possible, but specifically on any social media site, emails and anywhere you have payment details. This means that if your staff’s usernames or passwords are released, criminals still won’t be able to access the account. You can find more about 2FA here.
  4. Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups, because they have never evaluated them; when they need the data the most, they find that they can’t recover it.
  5. Ensure you have anti-malware on all devices, including your phones.
  6. Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for and what to do. The ECRC can provide bespoke Staff Awareness Training through our affordable student services.
  7. If you have a website, get a web app vulnerability assessment. This will look at whether your site is secure from the most common cyber-attacks against it.
  8. Install those updates as soon as possible. Criminals also know about the vulnerabilities that updates fix and will craft attacks specifically for known vulnerabilities.
  9. Have an incident response plan and test that it will help when the worst happens. You can find a free template plan to get you started here.
  10. Join the Eastern Cyber Resilience Centre. It’s free, and you will be kept up to date with the latest threats to your business as well as guidance, support and direction to free tools and services, and access to our affordable student services which can help with vulnerability assessments and staff awareness training amongst other services. Sign up now.

Incident Reporting

All the police forces across the Eastern region have dedicated specialist cybercrime teams who are highly trained and experienced in investigating cybercrime and in putting the victim’s needs at the forefront of the investigation.

It is important if you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), that you call your local police at any time on 101 or report the attack to Action Fraud on 0300 123 2040 immediately.


https://www.ecrcentre.co.uk/post/human-resources-top-10-tips-to-ensure-you-stay-one-step-ahead-of-the-cyber-criminals   
Published: 2022 04 21 10:56:19
Received: 2022 04 24 06:10:37
Feed: The Eastern Cyber Resilience Centre
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security