A hack attack on a chief executive officer can be a very lucrative enterprise. Experts say that’s because CEOs’ access to high-level information might be the keys to their corporate kingdoms.
“If someone is out there trying to plan a cyberattack, they’ll try to hack into [a CEO’s] e-mail or his laptop remotely because they know he’s going to be the holder of the most sensitive information,” said Jeremy Ames, president of Gaucho Group, an HR technology consultancy based in Massachusetts.
Incidences of cyberhacking are increasing. As the Los Angeles Times reported during the spring of 2013, “the nation’s top intelligence officials warned in a Senate hearing that cyberattacks and digital spying have eclipsed terrorism as the top threat to national security.”
Furthermore, in a nationwide study of 265 C-level executives—44 of whom were CEOs—51 percent said their company experiences cyberattacks daily or hourly. The study, The Business Case for Data Protection by Michigan-based data security consultancy the Ponemon Institute, was conducted in 2012.
Educate Executives to Reduce Potential Threats
Experts say the best defense against such activity is education—especially for senior executives. “The message that the HR team can deliver to the CEO [is to remind] him that he’s going to be a target of an attack and he needs to be even more diligent than everyone else,” said Ames, founder of #HRISChat on Twitter and a board member of the International Association for Human Resource Information Management (IHRIM).
Tom Eston, manager of profiling and penetration for Ohio-based information security management consulting firm SecureState, says CEOs should recognize that if their “most valuable information is what’s sitting on [their] desk or what’s in [their] e-mail … if any of that information is compromised, it could put them personally at a loss and hurt the reputation of the company.” It’s critical that they “know how to better protect that information if a dedicated hacker is going after” them, he added.
First and foremost, executives need to be made aware of new types of attacks. The most popular one is spear phishing—spoofed e-mails or text messages that are designed to get a person to click on a link, enter a site or enter information. Embedding links in news feeds within social media or Twitter messages is another way a hacker can fool a CEO into revealing corporate secrets.
“In a lot of attacks, these people will pretend to be friends and family members—people [the CEOs] know and trust—in order to get them to click a link or visit a site, which compromises their computers. Those are the most popular attack vectors,” Eston said, adding, “We’ve even had cases where people pose as other employees to physically gain access to a building or facility.”
There are other basic things companies can do to help prevent these attacks, including:
“The biggest thing is to make sure the bulk of the work the CEO does is done within the firewalls of the company,” Ames added.
If the idea of telling the CEO he or she needs to be more careful while online seems daunting, start the discussion by reviewing existing company guidelines.
Ideally the HR team has an IT policy to refer to when beginning the conversation about the importance of following the rules. Instead of a “you vs. me scenario,” Ames said, “ideally what [HR] would do is go into that conversation armed with some basic excerpts from their company’s IT policies as it relates to data security.”
CEOs should be aware that what they post online goes a long way, Eston said, “so if they have a Facebook or a Twitter account, they shouldn’t post the location of everywhere they’re going because people can get their routine. It leaves a lot of avenues to be attacked,” he said. Everyone should be mindful of the people they’re sharing information with, too, because “the people they trust could be out there to attack them,” he said, adding that the most popular attacks come from “friends who can get access to their information.”
Aliah D. Wright is an online editor/manager for SHRM and the author of A Necessary Evil: Managing Employee Activity on Facebook, Twitter, LinkedIn … and the Hundreds of Other Social Media Sites (SHRM, 2013).