Free HR Webinar on Data Breaches
View our free HR webinar to earn free HRCI & SHRM credits
Ascentis recently hosted a free HR webinar on data breaches titled Risky Business: Managing HR Data in a Hacker-Prone World. This free HR webinar recording is no longer available, but Ascentis hosts a library of other similar free HRCI & SHRM webinar recordings. Our expert speaker from this webinar, Katherine Jones from Mercer, covers this topic further in her blog post below:
Beyond Planning for Prevention – Plan for Recovery
By Katherine Jones, Ph.D., Mercer
The pace of cyber-attacks is accelerating in both businesses and governments; organizational tactics are shifting to include identification, prevention, detection, response and recovery. The key message for today: prevention isn’t enough—HR has to plan for recovery.
Cyber security management is a process, not an event. It requires a comprehensive, multi-dimensional approach addressing people and processes. First, know what information in your organization requires protection. It may be legally-mandated, customer-sensitive, or competitive information – but it is unlikely that all data internal to your organization requires the same levels of security. Then ascertain your appetite for risk – and be realistic. What data is really worth Fort Knox-like security?
In developing your information security requirements, create “what if” damage scenarios – what would the extent of damage be if a database was compromised by external hackers or by an employee who haplessly opened the email from Mrs. So-and-So from Nigeria promising millions of dollars? Then measure the gap between your current and your desired security states and plan and execute a risk mitigation strategy.
In all, we tend to look at cyber threats as something outside the organization, when the bad guys break in. Many may be, but there is indeed a threat within as well, and it is within our purview to monitor it and plan to address it. First, we need to think about cyber risk as a “permanent enterprise risk,” not an “isolated IT event.” Second, we need to plan a workforce cybersecurity strategy. And this involves HR.
Know your people (we say we do, but do we?). In background checking, do we ask about any untoward computer activity in previous positions? We had better. And we need to educate our workforce. Falling for phishing, for example, is one of the more common ways that workers and the population in general succumb to what looks like a normal email or web request, only to discover they have opened a back door to viruses, worms, and a host of other vermin. Based on data from a Verizon report: 23% of recipients open phishing messages, 11% click on attachments; this means that a phishing campaign sent to 50 people will net five to six victims in the catch – hardly small fry.
Help your employees be good corporate cyber citizens: educate them on the importance of cybersecurity and their responsibilities for their own data safety. Read more here for four free briefs on various aspects of cyber-security for HR.
If that topic is of interest to you, be sure to sign up for one of our free HR webinars or our HCM News & Trends newsletter so you can be notified of her upcoming webinars in late 2016/early 2017.