Sony. Anthem. Target. The federal government.
Large-scale cyber breaches dominate the headlines and cost companies tens of millions of dollars. In the latest news, Office of Personnel Management Director Katherine Archuleta announced July 10 that she was resigning, a day after the government announced that more than 22 million people had their information stolen in two large cyberattacks on the government’s HR agency. While these mega-breaches receive the most media coverage, hackers are also now targeting smaller companies.
As observed by Security Magazine, human resource leaders, teaming with IT professionals, sit in a critical position to help prevent and mitigate loss. According to the Identity Theft Resource Center, the 380 reported cyber breaches in the U.S., as of June 23, 2015, resulted in the exposure of 117,381,357 records, many of these involving employee data. And these are just the reported breaches. Further, the vast majority of these incidents were not the Sonys or Anthems of the world; small to midsize companies are equally—if not more—vulnerable to attack.
Below are four steps that human resource managers can take to evaluate and hedge against cyber risk.
The easiest way hackers enter a network is through employees.
In a 2012 study on cybersecurity mistakes, global auditing firm KPMG observed that “the human factor” remains “the weakest link in relation to [cyber]security.” Education strengthens that weak link.
Hackers often target smaller companies, betting on fewer safeguards and an internal sense of invulnerability (i.e., we’re too small to be attacked). The most common security threats remain phishing (such as the deposed Nigerian prince who needs your help), viruses attached to unsecured or unknown downloads, and open Wi-Fi accounts. Educating employees on these vulnerabilities and how to protect against them is a first line of defense against cyberattacks. To accomplish this, HR professionals should team with IT leaders to develop curriculum and training programs to educate the workforce on the do’s and don’ts and protocols relating to cybersecurity.
Education must be paired with compliance monitoring, which is accomplished in several ways.
Every employer has—or should have—insurance, and every policy has limitations. For example:
Audit and Fill the Gaps
Not everyone is knowledgeable about insurance. Policies are dense, terse and written in ways that can seem nearly incomprehensible. But someone needs to understand and assess these policies to determine if adequate coverage exists. Brokers can provide a degree of comfort with regard to policy terms and conditions; however, insurance coverage attorneys and independent auditors can ensure the most appropriate coverage.
While knowledge is critical to loss prevention, in the event of a breach, mitigation becomes key. The most effective mitigation tool is appropriate cyber-liability insurance coverage. Performing a policy audit is critical to ensuring appropriate coverage. Cyber policies are becoming a necessity, not just a luxury, and even with loss-prevention protocols in place, companies should maintain specialized cyber policies with generous limits.
Franklin R. Cragle III is a trial lawyer and member of the Insurance Recovery Team at Hirschler Fleischer in Richmond, Va. He may be reached at email@example.com.