October Is Cybersecurity Awareness Month: Are Your Systems Protected?

By Greg Wright October 24, 2016
October Is Cybersecurity Awareness Month: Are Your Systems Protected?

As National Cybersecurity Awareness Month comes to a close, it is crucial that HR professionals be aware of potential cybersecurity risks and know the steps they must take to protect sensitive employee data.

"Technology plays an increasingly significant role in our daily lives," President Barack Obama said in a statement marking Cybersecurity Awareness Month. "The rise of the Internet has brought incredible opportunity and new ways of innovating and enhancing our way of life—but with great potential also comes heightened risk to our data."

Cybersecurity attacks are occurring more frequently and becoming more serious.

In September, Yahoo confirmed that hackers had compromised at least 500 million user accounts, making the incident the largest data breach from a single site in history. On Oct. 18, Yahoo CEO Marissa Mayer stated in a release that she remains confident of Yahoo's value and ability to keep its users despite the breach, which analysts believe might thwart the company's plans to sell its core business for $4.83 billion to Verizon.

Security breaches can be expensive for companies, according to the Journal of Cybersecurity. The total annual cost of cybersecurity crimes is $8.5 billion, and the cost for an individual company is about $200,000, according to research published in the journal.

Below are the most commonly occurring cybersecurity crimes:

  • Ransomware: Occurs when criminals infect computers with malicious software that then blocks the user from accessing the computer system until a ransom is paid.
  • Onion-layered security incidents: Occurs when a company's security team begins to investigate a visible security breach, only to discover hidden, more damaging attacks in other parts of a company's systems, according to an IBM report. These attacks are sometimes found when an unsophisticated hacker—or "script kiddie"—commits an easily discovered breach and security experts dig deeper to find that more stealthy, skilled attackers have already exploited a company's vulnerability, IBM said.
  • Insider threats: Also known as disgruntled employees. These "malicious insider" attacks occur when a peeved employee or ex-employee who has access to logins and company data goes in and fouls up a company's computer network.

    "In 2016, the number of data breaches has been record-breaking," and not just for companies but individuals, too, said Karl Volkman, a tech expert and chief technology officer of SRV Network Inc., a computer consultancy in Chicago.

    "Despite this, a shocking number of companies do not have a data breach response plan. And only 1 in 3 small business owners even realize that cyberinsurance exists," he added.

    Erik Knight, a 20-year veteran of the cybersecurity industry, told SHRM Online that U.S. business owners need to "wake up and think about why it is time to take your small business data seriously."

    "The average business is unaware and unprepared that it's being hit with more than 10,000 attempted intrusions a day, and the number of these attacks are growing," said Knight, chief executive officer of SimpleWan in Phoenix. SimpleWan is a cloud-based security-monitored firewall designed for IT and service providers.

    "When a data breach does occur, it can take months to discover it," Knight said. "The days of small businesses not taking data breaches seriously are over."

    What steps can HR professionals urge their companies to take in order to avoid expensive and embarrassing cybersecurity breaches? Here are some suggestions from IBM and others:
  • Regularly back up your data in case your company experiences a ransomware attack.
  • Educate your staff so they are aware of the different types of cybersecurity incidents and how to avoid them.
  • Keep your systems updated so they have fewer security vulnerabilities.
  • Stay alert by using products that let you know if intruders are trying to infiltrate your computer systems.
  • Encourage your IT staff to create operational procedures just in case you need to respond to potential cybersecurity threats and attacks.
  • Enforce good password policies, including requirements that passwords be changed periodically, and prohibit password sharing.
  • Institute two-factor authentication. For example, have employees respond to a text message on their smartphone whenever they try to access your system.
  • When employees are terminated, immediately cancel all their credentials, including password logins.
  • Keep in mind that the wide use of smartphones and Wi-Fi networks can pose an additional threat to your systems because criminals can exploit them to get to your data.
  • The National Cybersecurity Alliance offers free security checkups and tools that may be useful for smaller companies that do not have dedicated security teams.

    "If a small business has an 'It can't happen to me' approach, I guarantee they are a target for a cyberthreat," Knight added. "In addition to an increase in the volume of hacking, the scams are becoming much more sophisticated, and the landscape is changing regarding culpability. Organizations and governments are starting to hold businesses responsible for protecting customer privacy"—something HR professionals should keep in mind.

    Greg Wright is a Baltimore-based freelance writer.



Hire the best HR talent or advance your own career.

Are you a department of one?

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.



HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.