Cyber risks for human resources
July 15, 2014
What are they and how can we prevent them?
It was reported on July 9 that Chinese hackers broke into the computer networks of the United States government agency that houses the personal information of all federal employees in March, according to senior American officials. They appeared to be targeting the files on tens of thousands of employees who have applied for top-secret security clearances.
The hackers gained access to some of the databases of the Office of Personnel Management before the federal authorities detected the threat and blocked them from the network. It is not yet clear how far the hackers penetrated the agency’s systems, in which applicants listed their foreign contacts, previous jobs, and personal information like past drug use.
Thankfully, incidences like this are not widespread, according to Lance Henderson. But, they are still risks that are worth preparing for, especially for those in human resources.
Henderson, Head of Sales and Relationship Management for the Zurich Employee Benefits Network, says that human resources departments and benefits administrators have access to lots of personal employee information that could potentially be a target for hacking.
“Everything is digitalized now,” he says. “So, information like social security numbers, bank routing numbers, and additional data is being gathered as employees are offered more benefits and services that are non-contributory or can be purchased through the employer via payroll deduction. Then that information is often relayed to third parties or other service providers. There’s a lot of data going from the employee to employer to third party providers. So there are a lot of opportunities for hacking.”
What’s scary is, according to the Harvard Business Review, most breaches take time to discover — usually months rather than weeks, and sometimes longer, as seen in this month’s incident.
But, there are ways to help prevent an attack. Henderson recommends having password protection and limiting the amount of people who have access to personal employee information.
But this event has sparked curiosity in the topic. What are other cyber risks you should be aware of? And how else do you protect your HR database? Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council, is addressing this and other key points at the Strategic Global Workforce Management Forum in New York. He is speaking on cyber risks in general, as brought forth by The Atlantic Council and Zurich Insurance earlier this year, but also the impact this could have on HR.