You could be Tweeting on your mobile device or downloading a document from your desktop, and before you know it, you’ve been hacked.
Despite educating and protecting our devices regularly, cybercriminals are developing new ways to hack systems at the same speed.
Businesses are hugely attractive to cybercriminals due to the breadth and depth of data they maintain – whether it be personal records or financial log-in information. In fact, every 40 seconds a business falls victim to a ransomware attack. And this number is predicted to grow to every 14 seconds by 2019. On top of that, its reported that 99 percent of computers are vulnerable to cyber attacks. Needless to say, cybersecurity is no longer optional.
As HR professionals, you have the ability to help prepare and arm your organization with tight cybersecurity. You may work in tandem with your IT department or CTO to do so, but your role in caring for employees offers the platform to reach your employee base.
With Annual Enrollment right around the corner, employees will be logging even more time online and receiving myriad communications, your organization needs to be armed and prepared with best practices in security. We did some spring cleaning in April to sharpen up cybersecurity protocols, and now it’s time to run through the Annual Enrollment checklist:
- Protect physical assets: Are your employees’ computers set to an auto-timer for screen locking after a certain timeframe of non-use? If not, strongly consider putting an auto-lock across the organization for anywhere from 5 – 20 minutes. This minimizes unauthorized access to the physical computer, keeping data and personal information safe.
- Enhanced password controls: Passwords can be easier to predict than you may imagine, so setting up extra layers of security is wise. This may be through a physical security fob or a single sign-on process that sends a passcode to the employee’s mobile device to be entered to validate the person signing in. You might also consider encouraging employees to use password managers to generate unique, complex passwords.
- Update antivirus/malware applications: Every computer belonging to your organization should have antivirus/security software installed that is actively scanning for malware on a set schedule. Ideally, you already have these in place as they should be active throughout the year to protect employee and organization data, not only during AE. If they haven’t been updated recently, initiate that as soon as possible to be best prepared before enrollment.
- Retrain employees: More than 90 percent of cyber attacks are successfully executed with information stolen from employees – most of whom are innocent victims of phishing attacks. During AE, employees may receive emails from unknown senders or auto-messages about enrollment, so it’s imperative to ensure they have a strong understanding of how to identify and report phishing attempts. Conduct a refresher training program or quiz to remind employees how to best keep their eyes out for hacking attempts.
- Get your C-suite involved: Cybersecurity is every man’s responsibility in this day and age when organizations are so vulnerable. Your C-suite needs to know and understand the risks to company and customer data, as well as the security practices and tools to mitigate these risks. Prior to AE, schedule a run-through of what security protocols are in place and how they can actively engage in keeping the organization safe from cybercriminals and keep them updated throughout AE on the status of security efforts.