During the COVID-19 pandemic, it has become clear that the role of the Human Resources department has never been more important. With government rules seemingly changing by the day, furlough schemes to contend with, and virtually every employee concerned about the future, it’s fair to say that HR teams have been busy.
But through this challenging time, it’s important that HR professionals are mindful of cybersecurity and data protection, as there has been a growth in the number of cyberattacks against organizations throughout the pandemic. The cybersecurity of the business is a shared responsibility, and HR has an important role to play in protecting the organization during this time. Here we take a look at five key cybersecurity considerations for HR during the era of COVID-19.
1. Lack of threat visibility
One of the biggest changes for HR through COVID-19 has been the number of staff working from home – either through necessity or by choice – but this has created cybersecurity challenges, too. It can be more challenging to monitor employees working from home to understand which staff are accessing sensitive data and whether they are processing it in accordance with best practice.
It may be the case that COVID-19 has encouraged unsafe working practices such as shadow IT, where staff download and use software and apps that have not been approved by the IT team.
HR teams need to work closely with IT and cybersecurity teams to ensure that there is a strong cybersecurity awareness program in place and that it has been updated to reflect the current climate.
2. The security risks associated with workers returning to the office
Interestingly, just as working from home has been a cybersecurity challenge, so too is the return of workers to the office. With many offices closing completely and members of staff using their own devices at home for a matter of months, employees returning to the office can bring a range of potential challenges especially relating to dormant attackers.
“As employees return to work post-lockdown and connect directly to corporate networks, organizations need to be alert to the possibility that criminals could be lying dormant on employee devices,” said George Glass, Head of Threat Intelligence at Redscan. “They are waiting for the opportunity to move laterally through a network, escalate privileges and deploy ransomware.”
In effect, cybercriminals are waiting for remote workers to reconnect to corporate networks before triggering attacks, so endpoint security monitoring would be beneficial.
3. Targeted threats against employees
Cybercriminals work fast. Their tactics and strategies are constantly evolving, and so it is no surprise that throughout COVID-19, there has been a huge rise in the number of attacks using the pandemic and remote working as a lure to trick victims. One phishing scheme sent emails to employees suggesting that they had been requested in a Zoom call with HR regarding the potential termination of their contract.
Additionally, HR departments themselves have been targeted by cybercriminals attempting to take advantage of the confusion surrounding new working conditions.
4. Insider attacks
You might think of cyberattacks being exclusively the work of shadowy hackers and professional cybercriminals, when in actuality, a large number of attacks on organizations come from the inside. And with COVID-19 forcing many businesses to lay people off or put them on furlough, there is a stronger possibility of disgruntled employees and ex-employees finding the motivation to breach the system – either to steal data to sell or simply to make life harder for the business.
It is up to the HR team to work with IT and security teams to provide information on individuals who are leaving the company or have seen changes in their employment.
5. The mental health of security staff
All employees have been under significant pressure during the pandemic – and this certainly includes security staff. Cybersecurity specialists and the IT team are tasked with defending a larger area due to the fact that more employees are working from home and making use of a wider variety of endpoints.
This can cause not only worry and mental health issues for those staff members tasked with keeping the company secure, but can also cause fatigue due to a larger number of hours worked. The HR department has a duty to care for its staff, so it is important to be aware of the increased pressures on security professionals.
Final thoughts
HR teams have been doing great work through the COVID-19 pandemic, but it is important not to overlook something as vital as cybersecurity. With threats evolving daily and staff increasingly stretched, the HR team can play an important role in helping to ensure that everyone across the business is aware of the latest threats and that measures are in place to mitigate them.