Lately, the news has led with stories about the alleged Russian hacking of various American political organizations, ostensibly for the purpose of influencing the 2016 elections. U.S. law enforcement has surmised that the Russian government orchestrated a number of incursions into networks controlled by the major political parties, and that it used or disclosed certain information. You’ll recall the leaks of major Democrat Party and Clinton campaign e-mails. Now, news reports claim that the investigation revealed the Russian government may have collected compromising information about President-elect Trump.
As with any hacking story, we can’t be sure exactly what’s out there or what’s real. However, we can’t deny that hacking goes on beyond government and politics. Private organizations and businesses are just as enticing to data thieves, and are often softer targets. We have seen prominent data thefts from all industries: telecommunications, manufacturing, tech, and consulting are all targets.
Human Resources in any organization plays a critical role in firming up an organization’s data security and cyber defenses. Data security has to take account of both internal threats (from employees and other insiders) and external threats (from data thieves and other hackers who want your information for personal gain or for other reasons). In this regard, Human Resources should assess the following:
- Do we have safeguards in place to protect against internal data thefts? At a minimum, your employees with access to competitive or proprietary data should have confidentiality agreements, and the organization should have a policy in place that allows for monitoring the use of company systems and advises employees that their use will be monitored. Also, walk around your office and see how many people have their passwords stuck to their computer on a Post-It note – any example you find is a weakness just begging to be exploited.
- Do your people know how to spot threats? Attacks can come from any number of directions. For example, employees need to report suspicious activity, like a fellow employee who shows an inordinate amount of interest in data not related to his or her job. Also, employees often download data onto external storage media like hard drives or USB drives. Is your company preventing or monitoring these kinds of activities?
- Are your employees easy marks? Hackers today gain access through any number of inventive ways. You need to ensure that your employees are trained to spot and report suspicious behavior like phishing, social engineering, and attempts to introduce malware into your organization’s systems. If any of these terms is unfamiliar to you, you need to get moving!
Training your people is the first way to prevent these attacks, because data thieves see your people as the easiest way into your system.