Today, HR departments and standalone companies providing outsourced HR support are at the frontline in the war against cybercriminals. And it’s easy to understand why.
HR and recruitment agencies receive thousands of emails and file attachments from job seekers and aspiring talent making them an ideal target for cyber criminals because they cannot avoid reading emails or opening file attachments.
Earlier this year, WH Smith fell victim to a cyber-attack which saw hackers gain access to confidential employee details like names, addresses, National Insurance numbers and dates of birth. The leak included details of both current and former staff members.
The HR department of any organisation also holds vast amounts sensitive personal data and financial information (as seen in the above case study) such as home addresses, bank details, dates of birth and National Insurance numbers that criminals can collect and use for their nefarious activities. Not only can they attack, or target employees personally, but this information can also be used to launch phishing attacks against the business or its partners in the future.
Here at the centre, we would advise you to do three things now.
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
If you suspect a phishing attack, please report it to the Suspicious Email Reporting Services (SERS) set up by the NCSC at:
Text messages can be forwarded to 7726
Click to Open Code Editor