In 2015, news of a major security breach of U.S. government databases made the growing threat of cyber crime all too clear. Chinese hackers had accessed private information of federal employees housed at the Office of Personnel Management (OPM). In the wake of the incident, government officials revealed the personal data of as many as four million current and former employees might have been compromised. Later, that estimate was bumped up to a shocking 21.5 million people.
Many headlines were devoted to the global security and political ramifications of this historic breach, but the event highlights risks we all should be preparing for, especially for those in human resources.
Human resources departments and benefits administrators have access to lots of personal employee information that could potentially be a target for hacking.
Almost everything is digitized now. So, information like social security numbers, bank routing numbers and additional data is gathered as employees are offered more benefits and services that are non-contributory or can be purchased through the employer via payroll deduction. Then that information is often relayed to third parties or other service providers. That’s a lot of data going from the employee to employer to third-party providers – and a lot of opportunities for hacking.
What’s concerning is that, according to the Harvard Business Review, most breaches take time to discover — usually months rather than weeks, and sometimes longer.
But, there are ways to help prevent an attack. Suggested safety measures include password protection and limiting the amount of people who have access to personal employee information.
Events like the Chinese OPM hack should make us more aware about potential risks to employees’ information. It’s vital to maintain awareness of evolving cyber risks and to constantly review additional steps you can take to help protect your HR databases.
Visit our Cyber Knowledge Hub for more about cyber risks your business may face.