Get access to the exclusive HR Resources you need to succeed in 2018.
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 14 cities across the U.S. this fall.
Gain the skills you need to rise to the next level in your career. Jon us at SHRM's Leadership Development Forum, October 2-3 in Boston.
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Sony. Anthem. Target. The federal government.
Large-scale cyber breaches dominate the headlines and cost companies tens of millions of dollars. In the latest news, Office of Personnel Management Director Katherine Archuleta announced July 10 that she was resigning, a day after the government announced that more than 22 million people had their information stolen in two large cyberattacks on the government’s HR agency. While these mega-breaches receive the most media coverage, hackers are also now targeting smaller companies.
As observed by Security Magazine, human resource leaders, teaming with IT professionals, sit in a critical position to help prevent and mitigate loss. According to the Identity Theft Resource Center, the 380 reported cyber breaches in the U.S., as of June 23, 2015, resulted in the exposure of 117,381,357 records, many of these involving employee data. And these are just the reported breaches. Further, the vast majority of these incidents were not the Sonys or Anthems of the world; small to midsize companies are equally—if not more—vulnerable to attack.
Below are four steps that human resource managers can take to evaluate and hedge against cyber risk.
The easiest way hackers enter a network is through employees.
In a 2012 study on cybersecurity mistakes, global auditing firm KPMG observed that “the human factor” remains “the weakest link in relation to [cyber]security.” Education strengthens that weak link.
Hackers often target smaller companies, betting on fewer safeguards and an internal sense of invulnerability (i.e., we’re too small to be attacked). The most common security threats remain phishing (such as the deposed Nigerian prince who needs your help), viruses attached to unsecured or unknown downloads, and open Wi-Fi accounts. Educating employees on these vulnerabilities and how to protect against them is a first line of defense against cyberattacks. To accomplish this, HR professionals should team with IT leaders to develop curriculum and training programs to educate the workforce on the do’s and don’ts and protocols relating to cybersecurity.
Education must be paired with compliance monitoring, which is accomplished in several ways.
Every employer has—or should have—insurance, and every policy has limitations. For example:
Audit and Fill the Gaps
Not everyone is knowledgeable about insurance. Policies are dense, terse and written in ways that can seem nearly incomprehensible. But someone needs to understand and assess these policies to determine if adequate coverage exists. Brokers can provide a degree of comfort with regard to policy terms and conditions; however, insurance coverage attorneys and independent auditors can ensure the most appropriate coverage.
While knowledge is critical to loss prevention, in the event of a breach, mitigation becomes key. The most effective mitigation tool is appropriate cyber-liability insurance coverage. Performing a policy audit is critical to ensuring appropriate coverage. Cyber policies are becoming a necessity, not just a luxury, and even with loss-prevention protocols in place, companies should maintain specialized cyber policies with generous limits.
Franklin R. Cragle III is a trial lawyer and member of the Insurance Recovery Team at Hirschler Fleischer in Richmond, Va.He may be reached at firstname.lastname@example.org.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 10,000 companies