What can HR do to prevent cybercrime?

Anticipating cybercrime could help HR departments take better steps toward cybersecurity.

Anticipating cybercrime could help HR departments take better steps toward cybersecurity.

In recent years, many high-profile incidents have involved hackers accessing confidential information to thwart the online privacy of government organizations. Because of this evolving threat, every department of a company or government organization should be on their guard, including HR. As the Society for Human Resource Management (SHRM) reports, a recent cyberattack on the United States Office of Personnel Management (OPM) shows the value of employee information.

Because HRIS systems can come into contact with numerous kinds of important, employee-specific data, administrators and department heads should expect to be targeted by criminals. In this specific incident, who discovered an "intrusion" into its IT systems this April and has committed to notify the millions potentially affected.

An official website cited by the article said that the breach could have compromised Social Security Numbers, as well as birth dates and addresses. The response has included a continuous plan to evaluate protocols and safeguard sensitive information.

Security software firm CEO Mike Fleck told SHRM about some of the ways that HR will have to set the example for protecting data, since HR is often close to some of the most sensitive information of employees. He specifically calls for a new way of approaching possible problems. 

"This starts with HR leaders getting a new baseline for risk tolerance," Fleck said. "Stop thinking about risk in terms of whether or not an attacker can compromise your network; instead evaluate risk knowing that attackers have already compromised your network and they are actively looking for high-value information to steal," he added.

With this attitude, businesses should prioritize security capabilities in an HR solution before implementing it within their own organization. An HR consulting company can be instrumental in guiding the selection process based on risk and a professional history of vulnerabilities.