Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
Confirm

    • Protect the environment. Think before you print.

Cyber risks for human resources

November 28, 2017

Is your HR department doing enough to protect employees’ information?

server room

In 2015, news of a major security breach of U.S. government databases made the growing threat of cyber crime all too clear. Chinese hackers had accessed private information of federal employees housed at the Office of Personnel Management (OPM). In the wake of the incident, government officials revealed the personal data of as many as four million current and former employees might have been compromised. Later, that estimate was bumped up to a shocking 21.5 million people.

Many headlines were devoted to the global security and political ramifications of this historic breach, but the event highlights risks we all should be preparing for, especially for those in human resources.

Human resources departments and benefits administrators have access to lots of personal employee information that could potentially be a target for hacking.

Almost everything is digitized now. So, information like social security numbers, bank routing numbers and additional data is gathered as employees are offered more benefits and services that are non-contributory or can be purchased through the employer via payroll deduction. Then that information is often relayed to third parties or other service providers. That’s a lot of data going from the employee to employer to third-party providers – and a lot of opportunities for hacking.

What’s concerning is that, according to the Harvard Business Review, most breaches take time to discover — usually months rather than weeks, and sometimes longer.

But, there are ways to help prevent an attack. Suggested safety measures include password protection and limiting the amount of people who have access to personal employee information.

Events like the Chinese OPM hack should make us more aware about potential risks to employees’ information. It’s vital to maintain awareness of evolving cyber risks and to constantly review additional steps you can take to help protect your HR databases.

Visit our Cyber Knowledge Hub for more about cyber risks your business may face.

The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.

Related Industries

Technology

Related products and solutions

Cybersecurity and privacy