How can HR mitigate ransomware attacks?

How can HR mitigate ransomware attacks?

Gone are the days of balaclavas and - criminals of the modern era wear a different mask. Cyberattacks are at an all-time high, with organizations continually looking for new ways to defeat the scam artists.   

Criminals are using increasingly intelligent ways and means of stealing employee data, attacking internal systems and holding companies to ransom. With this new digitally advanced crime on the rise, surely it falls to HR to help mitigate this prevailing issue?  

Recently, an IT employee was fired after officials were forced to fork out a huge ransomware payment. According to local reports, the city’s IT network was infected with malware described as a ‘triple threat’. Zdnet revealed that the employee opened an email with an attached document, which in turn infected the city’s network – downloading ransomware as it went. The ultimate ransom demand, which was paid, amounted to almost $500,000.   

And this is just one incident.   

The spate of cyber-attacks in the recent years has spiked, leaving worried employers frantically looking for help from experts to put an end to the carnage. One way of mitigating any potential threats, both internal and external, is through a competent and intense recruitment drive. A recent report from Deloitte found that employers are working hard to fill the surplus of much-needed cyber security roles in time for 2020. What’s more, research from Hays found that employers are actually redirecting some raises for existing staff to new candidates in order to close this gap.   

Travis O’Rourke, head of talent at Hays Canada Solutions, explained the talent dilemma.    

“Employers tell us time and again that they don’t know where to look for talent and they’re consistently coming up short. For example, we know they rely on generic job boards, but we also know that skilled tech candidates are elsewhere. It’s an unfortunate reality that countless employers’ critical IT security needs remain unsolved because they use resources better suited to students looking for summer jobs.  

“I recently spoke to someone who was in a desperate search for a cyber security expert. Cyber security is often confused with information security so I asked if his staff knew how to safely store documents or what would happen if someone’s laptop went missing. After a long pause, I explained these types of everyday vulnerabilities can sink a company and suggested refocusing on finding an info security pro.”  

Acting proactively rather than curatively will give you organization the edge when it comes to cyber security. A report from ESG uncovered a serious lack of talent in companies, with 53 of leaders reporting a problematic shortage – concerning statistics when you consider that 59% of businesses are at a moderate to extreme risk of attacks.   

One sure-fire way of preventing any attacks is by up-skilling your people. A report from Frist Advantage found that while HR leaders were on the ball in pre-screening their employees before hiring them – it’s essential that they follow up with periodical re-screening.   

In fact, 61% of businesses fail to re-screen employees – whilst just 13% claim to conduct follow-up employee screening in the annual review process. Rescreening is the process in which an employee is reassessed during their employment, in order to both upskill their worker and ensure that their compliance is up to date.  

Reports from the CIFAS show that employee fraud has increased by 45% in the past few years – unsurprising when you consider that 30% of all business failures are down to employee theft. With statistics like this only set to increase thanks to the digital evolution, employers are encouraged to take a proactive approach to re-screening. So, could your organization do with adopting this trending technique? There’s two overriding benefits to introducing the initiative:  

Background check blunders  
Mistakes are often made during the background screening – whether it’s down to an employer’s oversight or deceitful candidates. Re-screening can pick up on any issues that may have slipped through the net during the recruitment process.  

Upskilling employees 
Often roles and responsibilities change during the employee lifecycle. As such, re-screening offers the opportunity to reassess a worker’s compliance. Any new duties an employee is absorbing should come with their own screening process.