
Cyber criminals eye HR professionals

By Staff Writer, ITWeb
Johannesburg, 09 Apr 2021

Human resources (HR) professionals are particularly at risk of cyber attack, as they are the ‘front of house’ for future and current employees and their contact details are usually freely available on the business Web site.

This was according to Kaspersky and B2B International’s research into employees' role in a business' fight against cyber crime.

According to the security giant, HR professionals are also high-value contacts because they are the sentinels of company information. They have access to and protect intellectual property as well as the personal information of employees.

“And this data is highly valuable to cyber attackers,” says Kaspersky. “By compromising an HR employee's mailbox, access is opened.”

Because of this, they are an attractive target for e-mail phishing and e-mail hijacking. “Here, a senior staff member's mail account is hacked. It sends out emails to colleagues requesting fund transfers or the forward of confidential information.”

Lehan van den Heever, enterprise cyber security advisor at Kaspersky, says the research shows that just over half of businesses (52%) believe they are at risk from within.

“Their staff, whether intentionally or through their carelessness or lack of knowledge, are putting the businesses they work for at risk. This is why staff training is essential in raising awareness among personnel and motivating them to pay attention to cyber threats and countermeasures ― even if it’s not part of their specific job responsibilities.”

To lessen the chances of bad actors penetrating an HR department, Van den Heever recommends implementing employee-focused security measures such as employee engagement and training on cyber attacks.

He also advises businesses to watch for compromised files that come through looking like resumes and work samples, to isolate HR computers on a separate subnet, and to store personal data on a different server, not on HR machines.

Finally, update software on HR computers regularly and maintain a strict and easy-to-follow password policy.
