Not a Member? Get access to HR news and resources that you can trust.
HR professionals share their advice for minimizing worker stress and boosting retention.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Virtual SHRM-CP/SHRM-SCP Certification Prep Seminars kick off September 12 and fill up fast!
Expand your influence and learn how to become an effective leader. Join us in Phoenix, AZ | OCTOBER 2 - 4, 2017
A hack attack on a chief executive officer can be a very lucrative enterprise. Experts say that’s because CEOs’ access to high-level information might be the keys to their corporate kingdoms.
“If someone is out there trying to plan a cyberattack, they’ll try to hack into [a CEO’s] e-mail or his laptop remotely because they know he’s going to be the holder of the most sensitive information,” said Jeremy Ames, president of Gaucho Group, an HR technology consultancy based in Massachusetts.
Incidences of cyberhacking are increasing. As the
Los Angeles Times reported during the spring of 2013, “the nation’s top intelligence officials warned in a Senate hearing that cyberattacks and digital spying have eclipsed terrorism as the top threat to national security.”
Furthermore, in a nationwide study of 265 C-level executives—44 of whom were CEOs—51 percent said their company experiences cyberattacks daily or hourly. The study,
The Business Case for Data Protection by Michigan-based data security consultancy the Ponemon Institute, was conducted in 2012.
Educate Executives to Reduce Potential Threats
Experts say the best arsenal in the defense of such activity is education—especially for senior executives. “The message that the HR team can deliver to the CEO [is to remind] him that he’s going to be a target of an attack and he needs to be even more diligent than everyone else,” said Ames, founder of #HRISChat on Twitter and a board member of the International Association for Human Resource Information Management (IHRIM).
Tom Eston, manager of profiling and penetration for Ohio-based information security management consulting firm SecureState, says CEOs should recognize that if their “most valuable information is what’s sitting on [their] desk or what’s in [their] e-mail … if any of that information is compromised, it could put them personally at a loss and hurt the reputation of the company.” It’s critical that they “know how to better protect that information if a dedicated hacker is going after” them, he added.
First and foremost, executives need to be made aware of types of new attacks. The most popular one is spearfishing—spoofed e-mails or text messages that are designed to get a person to click on a link, enter a site or enter information. Embedding links in news feeds within social media or Twitter messages is another way a hacker can fool a CEO into revealing corporate secrets.
“In a lot of attacks, these people will pretend to be friends and family members—people [the CEOs] know and trust—in order to get them to click a link or visit a site, which compromises their computers. Those are the most popular attack vectors,” Eston said, adding, “We’ve even had cases where people pose as other employees to physically gain access to a building or facility.”
There are other basic things companies can do to help prevent these attacks, including:
“The biggest thing is to make sure the bulk of the work the CEO does is done within the firewalls of the company,” Ames added.
If the idea of telling the CEO he or she needs to be more careful while online seems daunting, start the discussion by reviewing existing company guidelines.
Ideally the HR team has an IT policy to refer to when beginning the conversation about the importance of following the rules. Instead of a “you vs. me scenario,” Ames said, “ideally what [HR] would do is go into that conversation armed with some basic excerpts from their company’s IT policies as it relates to data security.”
CEOs should be aware that what they post online goes a long way, Eston said, “so if they have a Facebook or a Twitter account, they shouldn’t post the location of everywhere they’re going because people can get their routine. It leaves a lot of avenues to be attacked,” he said. Everyone should be mindful of the people they’re sharing information with, too, because “the people they trust could be out there to attack them,” he said, adding that the most popular attacks come from “friends who can get access to their information.”
Aliah D. Wright is an online editor/manager for SHRM and the author of A Necessary Evil: Managing Employee Activity on Facebook, Twitter, LinkedIn … and the Hundreds of Other Social Media Sites (SHRM, 2013).
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies