The computers of human resources professionals (HRs) are especially at risk of cyberattacks.
The reason is that they are easily accessible and their contact details are often present on the business website. Because they have to be accessible for future and current employees, they are generally easy to reach.
They are also high-value contacts because HRs are the guards of company information. They have access to and protect company intellectual property and employee personal information. And this data is highly valuable to cyber attackers.
Here are three main ways in which HR professionals are vulnerable to attack:
* Incoming mail: Cybercriminals penetrate the corporate security perimeters by sending an employee an email containing a malicious attachment or link. Opening this link can release a virus, which can download personal files.
* Access to personal data: HRs have access to all personnel data held by a company. By compromising a HR employee’s mailbox, access is opened.
* Email hijacking: Here, a senior staff member’s mail account is hacked. It sends out emails to colleagues requesting fund transfers or the forward of confidential information.
Kaspersky and B2B International also researched employees’ role in a business’s fight against cybercrime.
“We’ve found that just over half of businesses (52%) believe they are at risk from within. Their staff, whether intentionally or through their carelessness or lack of knowledge, are putting the businesses they work for at risk,” explains Lehan van den Heever, enterprise cyber security advisor at Kaspersky.
“This is why staff training is essential in raising awareness among personnel and motivating them to pay attention to cyberthreats and countermeasures ― even if it’s not part of their specific job responsibilities.”