Intelligent Issue 12 | Page 53



Employing trouble ? HR teams emerge as key targets for cyberattack

S ome professions are more susceptible to cyberattacks than others . Regardless of the type of business and the security protocols in place , cyberattackers will seek out a company ’ s weak spots .

HR professionals have been thrown into the deep end due to the COVID-19 pandemic . Staff furloughs , remote working and significant changes in the way people work have all become challenging , testing the traditional working formulas .
According to IHS Markit , Dubai ’ s Purchasing Managers ’ Index has jumped to 53.2 in July from 51 in June . A number greater than 50 implies that the economy is expanding , while a reading of less than 50 indicates that it is contracting .
With such a positive outlook , it is not surprising to see that the index also states that the employment growth of the emirate has picked up to a
20-month high , posing yet another challenge that HR representatives need to overcome . As more hires are needed , the computers of Human Resources professionals ( HRs ) are especially at risk of cyberattacks , as they are easily accessible and in contact with a wide range of individuals . Their contact details are often present on the business website and on professional networking platforms .
They are also high-value contacts because HR is the custodian of valuable company information . They have access to – and protect – company intellectual property and personnel information across levels . And this data is highly valuable to cyberattackers .
Here are three ways in which HR professionals are vulnerable to attack .
1 . Incoming mail : Cybercriminals penetrate the corporate security perimeters by sending an employee an email containing a malicious attachment or link . Opening this link can release a virus , which can download personal files .
2 . Access to personal data : HRs have access to all personnel data held by a company . By compromising a HR employee ’ s mailbox , access is opened .
3 . Email hijacking : Here , a senior staff member ’ s mail account is hacked . It sends out emails to colleagues requesting fund transfers or the forwarding of confidential information .
Employees are the first line of defence but according to Kaspersky ’ s cybersecurity awareness training whitepaper , more than 80 % of all cyber incidents are caused by human error , explained Ara Arakelian , HR manager for Middle East , Turkey and Africa at Kaspersky . This is why it is crucial for organisations to build a culture around cyber readiness by implementing training solutions .
To minimise the likelihood of intruders penetrating an HR department , Arakelian recommends the following tips :
• Employee-focused security measures such as employee engagement and training on cyberattacks .
• Identify compromised file formats that come through , looking like resumes and work samples .
• Install updates and ensure that antivirus protection is always on .
• Isolate HR computers on a separate subnet . If one computer is compromised , the threat cannot spread .
• Store personal data on a different server , not on HR department computers .
• Update software on HR computers regularly and maintain a strict and easy-to-follow password policy . �
Intelligent SME . tech
. tech