The partnership between HR and IT is critical in making sure the future of work is secure as companies transition towards digital transformation and working from home continues. With cyber attacks expected to increase in volume and impact, the HR and IT partnership is more important than ever before in securing your company’s systems, networks, and data.
HR can assist IT in two ways: by helping employees communicate more effectively and by educating them about security best practices. IT team members, in turn, assist HR when it comes to providing new employees with the IT resources they need to succeed. For example, VPNs (virtual private networks) offer a wide range of security protection, as do company-wide software updates. IT also configures business systems for multi-factor authentication, recommends a password manager, provides instructions on how to create strong passwords, secures operating systems, and safeguards work computers and smartphones.
HR professionals can use these cybersecurity tips to increase cybersecurity awareness and help businesses avoid security risks. This is preventative support for IT teams that makes their jobs a little easier.
Cybersecurity Tip #1: Recognizing Phishing Attempts
Phishing attempts continue to grow significantly as the digital workforce evolves. In 2021, 83% of organizations reported they had experienced a successful phishing attack. Employees following cybersecurity best practices can help prevent data breaches from malicious emails.
The following steps help employees recognize attacks from suspicious emails:
✅ Look at the “From:” email address, not just the name of the sender. Inboxes of most email programs don’t show a sender’s actual email address. Looking at the email address verifies the sender domain is not suspicious. If the domain used does not match the company website, then it’s likely a hacking attempt.
✅ Look at the recipient(s) in the “To:” line. If an email requesting action on your part is not directed to you specifically, it is probably a cyber attack attempt.
✅ Hover over the link to a web page. If the message has a link to a web page, hover over it. If the link goes to a web page that isn’t on the domain of the brand the email claims to come from, don’t click on it. It is probably a fraudulent page.
✅ Look for misspellings, bad grammar, or bad formatting. Not all phishing messages have them, but many do.
✅ Be suspicious of any messages from organizations that ask you for your personal information. No reputable organization will send you an email asking you to click on a link and then provide personal information, like your password. A legitimate email would direct you to go to the company's website to log into your account and update the information there.
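For IT teams that want to show employees what the first three checks look at, the following Python sketch applies them to a raw message. It is an added example, not part of the original article; it assumes a single-part HTML email, and the function names, sample message and domains are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

def on_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the real target (href) of every link, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw, brand_domain, my_address):
    """Apply the From:, To: and link checks; return a list of findings."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not on_domain(sender_host, brand_domain):
        findings.append(f"From: '{name}' is really <{addr}>, not {brand_domain}")
    recipients = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in recipients:
        findings.append("To: line does not name you specifically")
    links = LinkCollector()
    links.feed(msg.get_payload())  # assumption: single-part HTML body
    for href in links.hrefs:
        host = urlsplit(href).hostname or ""
        if not on_domain(host, brand_domain):
            findings.append(f"Link goes to {host}, not {brand_domain}")
    return findings

# Constructed sample message (not a real email); all domains are reserved test names.
SAMPLE = """\
From: "Example Bank Support" <support@example.com.billing.test>
To: staff-all@example.net
Content-Type: text/html

<p>Please <a href="https://example.com.verify-login.test/reset">log in at example.com</a>.</p>
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE, "example.com", "pat@example.org")))
```

Both lookalike hosts in the sample begin with "example.com" but are not on that domain, which is why the comparison checks the end of the host name rather than searching for the brand name anywhere in it.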
Cybersecurity Tip #2: Practice Good Password Management
Don’t make it easy for cybercriminals to access business and personal accounts by following these good password practices:
✅ Use long and strong passwords. As a general rule, the longer and more complex the better, as it makes them harder to crack. Use at least 12 characters, using a combination of upper and lower case characters, numbers and symbols.
✅ If allowed, consider using passphrases instead of passwords. A passphrase is a sequence of words or text. A long passphrase is better than a complex, shorter password and a lot easier to remember. Examples of passphrases are: “My cousin bought a sailboat in 2021!” or “The groundhog usually sees his shadow on February 2.”
✅ Activate multi-factor authentication. Two-factor authentication requires two separate, distinct forms of identification in order to log into a system. The first factor is a password. The second factor is often a code sent to your smartphone or email address, but may also be some biometric factor such as your fingerprint or face. Hackers might be able to crack your password, but chances are that they won’t be able to provide the second authentication factor, and therefore won’t be able to get into your account.
✅ Change passwords or passphrases regularly — at least twice a year for personal accounts. Businesses should require employees to update passwords every 30-90 days.
✅ Consider using a password manager utility. This is a solution that securely stores all of your passwords and passphrases in one place. You just have to remember one password to have access to the secure passwords for all of your devices and services. Some examples include Keeper, LastPass and 1Password. Your organization may support a preferred password manager.
✅ Don't write passwords down. If you must, carry them with you. Don’t leave them at your workstation. No sticky notes on your computer monitor or in the top drawer of your desk!
✅ Don’t send your passwords to anyone — including yourself — via email, phone or voicemail.
Cybersecurity Tip #3: Use a VPN When Working Remotely
Remote work using home or public wifi networks is a risk that can be mitigated by a Virtual Private Network (VPN). A VPN ensures that all data transmitted between an employee's computer/device and your organization’s network is secure. IT departments are responsible for setting up employees with VPN access.
When doing remote work, always connect to your organization’s network(s) using a VPN.
Using a VPN is particularly important if you are using public wifi. If you log into your work accounts without using a VPN, cybercriminals could intercept your activity over wifi and capture your password credentials and sensitive information, the content of any emails you send, and the content of any unsecured web pages you visit.
Cybersecurity Tip #4: Keep Files in the Cloud or on Your Organization’s Networks
When you are working on sensitive files, don’t copy them to your computer or device’s local drive. Work on them in their secure location in the cloud or on your organization’s network. That way, if your computer or device is compromised or stolen, the secure data stays secure.
Cybersecurity Tip #5: Don’t Send Sensitive Information by Email
Hackers can intercept email messages in transit. If messages contain any sensitive or personal information, they can access it. Out of all the cybersecurity best practices, this is one of those security tips that should be top of mind at all times.
IT departments are responsible for information security and helping employees set up security software that encrypts data stored on a computer/device, communications, and file transfers. Ask your IT team for additional information security tips on this topic.
Cybersecurity Tip #6: Install Software Updates as Soon as They Become Available
Hackers use vulnerabilities in operating systems and application software on computers and devices to launch malware attacks. Software developers release security updates or patches for their software as soon as they find out about these vulnerabilities. An estimated 60% of all data breaches are the result of cybercriminals exploiting known vulnerabilities for which patches are available but have not been installed.
Make it a habit to install software updates on your computer and devices whenever they become available. As well as operating systems, the following types of software should be updated:
- Web browsers
- Email software
- Instant messaging software
- Office productivity software
- Personal firewalls
Need More Cybersecurity Tips?
It's hard to keep up with the latest security threats and solutions because IT security is continuously reinventing itself. HR leaders should seek advice from IT to stay abreast of the most recent security strategies and best practices. A strong alliance between HR and IT will help protect the company from cyber dangers.
Cybersecurity Training Courses
Getting employees on the same page about good security habits can be achieved by adding IT security training to your compliance program. IT security training should be included in new employee training and annual employee training.
Vubiz' IT Security online courses can be easily added to your learning management system (LMS). Don't have an LMS? You can run training for your entire workforce using the Vubiz learning platform. If your IT team wants to customize training in order to meet their security goals, you can do that as well. To learn more about our customization options, request a personalized demo today!