More and more employers are automating their human resources processes. Many also integrate their HR processes with interrelated activities, like time and labor or payroll and benefits.
However, the implementation of these technologies has triggered various security risks, including cyberthreats from criminals whose goal is to access confidential data for nefarious purposes. Below are three common cybersecurity threats facing HR.
Employers often use website chatbots to respond to routine HR-related inquiries from job candidates and employees. This frees up time for the HR team, allowing them to focus on higher-level tasks.
But industry experts say cybercriminals are developing fake chatbots that try to deceive candidates and employees by presenting themselves as though they are willing to help. The real purpose is to get candidates and employees to click on phishing links, download malicious files, or share confidential data, like credit card numbers or bank account information.
Remote work increases the probability of telecommuters connecting to home or public routers that are not as secure as the company’s infrastructure. According to an article published by the Information Systems Audit and Control Association, or ISACA, many employees began working from home during the pandemic. In turn, they were connected to networks that were less secure than those offered at the office.
Moreover, employees downloaded various software that was not suggested or approved by their company’s information technology department. Per a 2021 press release by AT&T, research has shown that the majority of remote workers who began working from home due to COVID-19 are unintentionally yet actively causing an increase in cybersecurity risks.
AT&T’s research shows that more than half of all remote workers use their work-specific devices, like computers and tablets, for personal reasons, such as sharing their work equipment with family members.
Form W-2 scams
Form W-2 cyberscams are becoming so widespread that the IRS has developed a process that allows employers and payroll providers to report W-2 scams and any resulting data losses.
One particularly alarming scam is when cybercriminals disguise an email to make it seem as though it’s coming from a company executive. The email — which is sent to someone in HR or on the payroll team — requests a list of all employees’ W-2 forms. The intent is to steal the personal information of as many employees as possible, namely Social Security numbers.
Form W-2 scams are especially dangerous because they appear to be coming from a trusted source within the organization.
HR professionals can counter cyberthreats by emphasizing the importance of data security and raising awareness of these threats. It is advised that they work with their IT team or HR technology vendor to fortify and protect the system’s infrastructure.
Remote teams should have access to secure internet connectivity along with cybersecurity training that teaches them how to utilize their work device safely and responsibly. HR professionals should receive cybersecurity training that is specific to their roles as well.
Keep in mind that cyberattacks aren’t only initiated by strangers. They can be internal and initiated by employees as well, including those who either have already left or are planning to leave the company. As noted by ISACA, from an HR perspective, keeping an eye on employees who no longer work for the company and making sure that they do not have sensitive data in their possession is one of many ways to combat potential internal cyberthreats.