The numbers may surprise you. A full 65% of U.S. companies have experienced a data breach at some point, according to the 2019 Thales Data Threat Report, an annual survey of C-level IT executives, and 36% of U.S. companies say they were breached in the last year alone.
While it’s up to your IT department to ensure your company’s systems are as technologically secure as possible, HR plays a critical role, too. Cyber security is every employee’s business—and as the bridge between IT and the rest of the workforce, HR is responsible for making sure every worker has the knowledge to do his or her part.
As part of the HR department, you’re entrusted with some of your company’s most sensitive data—namely, your employees’ Personally Identifiable Information, or PII. This requires your HR and payroll systems to meet the highest data security standards. Period.
It's because of these security needs that HR professionals find themselves learning more about cyber security than ever before. From choosing HR software to conducting employee training, it's no longer just an IT issue.
Why Employees May Be Your Weakest Link
Two-thirds of corporate data breaches are caused by employee negligence or malice, according to an analysis of claim data conducted by Willis Towers Watson. Often, employees simply don’t recognize cyber scams for what they are.
For example, last fall, the FBI issued a public warning to employers regarding a phishing scam that targeted employees’ online payroll accounts.
In this scheme, the cyber-criminals used what looked like company emails to request an employee's login credentials. When unsuspecting employees responded, the criminals logged into the payroll system with the stolen password and redirected that employee's direct deposit to a bank account of their own.
By the time the employer and employees realized there was a problem, the money was gone. Note what made this work: a password alone was enough to log in, and a bank-account change took effect without any confirmation to the employee through a second channel. A little proactive employee training could have saved the day, and so could requiring multi-factor authentication on payroll logins, confirming direct-deposit changes out of band (for example, by a message to a phone number already on file) before they take effect, and reviewing account changes made from unfamiliar locations.
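The payroll-diversion scheme leaves a trail in the HR system's own audit log: a login from an address the employee has never used, followed minutes later by a bank-account change. The following is an added example, not code from the original post or from any HR vendor, showing one way to pick that pattern out of such a log. The log format (timestamp, user, event, source IP, detail) and the sample lines are constructed for the example; a real system's audit export would need its own parser, but the rule itself is the same.

```python
"""
Flag likely direct-deposit diversion in (constructed) HR/payroll audit events.

Rule: a direct_deposit_change is suspicious when the session that made it
began with a login from an IP address the employee had never logged in from
before, and the change followed that login within a short window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log, not taken from any real system.
# Fields: timestamp  user  event  source_ip  detail
SAMPLE_LOG = """\
2019-02-25T08:00:00Z jdoe login 10.20.30.41 -
2019-03-04T08:02:11Z jdoe login 10.20.30.41 -
2019-03-04T08:05:40Z jdoe direct_deposit_change 10.20.30.41 account_last4=4417
2019-03-05T09:10:02Z asmith login 10.20.30.77 -
2019-03-05T21:47:13Z asmith login 203.0.113.9 -
2019-03-05T21:49:55Z asmith direct_deposit_change 203.0.113.9 account_last4=9082
2019-03-06T07:30:00Z asmith login 10.20.30.77 -
"""

# Hypothetical tuning value: how soon after a login a change must occur to count.
WINDOW = timedelta(minutes=30)


def parse_log(text):
    """Parse the constructed log format into a list of event dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip, detail = line.split(maxsplit=4)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "event": event,
            "ip": ip,
            "detail": detail,
        })
    return sorted(events, key=lambda e: e["ts"])


def find_suspicious_changes(events, window=WINDOW):
    """Return one alert dict per direct-deposit change that matches the rule."""
    seen_ips = defaultdict(set)   # user -> IPs seen in logins processed so far
    last_login = {}               # user -> (login time, ip, ip was new for user)
    alerts = []
    for e in events:
        if e["event"] == "login":
            ip_was_new = e["ip"] not in seen_ips[e["user"]]
            seen_ips[e["user"]].add(e["ip"])
            last_login[e["user"]] = (e["ts"], e["ip"], ip_was_new)
        elif e["event"] == "direct_deposit_change":
            login = last_login.get(e["user"])
            if login is None:
                # A change with no login on record is itself worth a look.
                alerts.append({"user": e["user"], "ip": e["ip"], "at": e["ts"],
                               "reason": "change without a preceding login"})
                continue
            login_ts, login_ip, ip_was_new = login
            minutes = int((e["ts"] - login_ts).total_seconds() // 60)
            if ip_was_new and e["ts"] - login_ts <= window:
                alerts.append({"user": e["user"], "ip": e["ip"], "at": e["ts"],
                               "reason": f"first-ever login from {login_ip}, "
                                         f"bank account changed {minutes} min later"})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_changes(parse_log(SAMPLE_LOG)):
        print(f"{alert['at']:%Y-%m-%d %H:%M} {alert['user']} from {alert['ip']}: {alert['reason']}")
```

On the sample data, jdoe's change is not flagged because the same office address appears in earlier logins, while asmith's late-evening change from a never-before-seen address is. In practice the alert should go to payroll staff for out-of-band confirmation with the employee before the next pay run, since the rule will also fire on a legitimate change made from a new home connection.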
Maximizing Employee Training on Cyber Security
Many employers do conduct annual cyber security training, but it's often in the form of one-size-fits-all, third-party training videos. Some training is better than none at all, but if the approach is too technical, which is not uncommon, employees may not get it. (Chances are, if you don't understand it, your employees won't either.)
Ideally, employee training should be relevant to your workers specifically and their roles within the company. Training should be lively, interesting, and offered in short sessions, covering email scams, internet browsing and social media risks.
In addition to annual training exercises, experts recommend that employers:
- Make cyber security training part of the onboarding process. Start raising awareness on your new hires’ first day.
- Address cyber security standards and procedures in your employee handbook, and update as often as needed. (Cyber security is a constantly evolving target.)
- Incorporate good cyber security practice into your workplace culture. Help employees build the habit of reporting suspicious online activities immediately.
- Develop communication guidelines for employees in the event of a data breach.
- Alert employees when threats occur, including how to respond. Be transparent.
Some security-minded employers run simulated phishing campaigns, see how employees respond, and then coach those who clicked. These exercises can be very effective (no seminar or video can replace a real-life experience), but be careful not to conduct them in a way that leaves workers feeling tricked, targeted, or embarrassed; the goal is to make reporting a suspicious email the reflex, not to punish the people who fell for one.
By investing in employee cyber-security training, you not only empower workers to protect the company, but provide them with significant skills they can carry over into other aspects of their lives.
Are Your HR and Payroll Systems Secure?
When it comes to cyber security and HR, a trained, vigilant workforce is only half the story. Whether you use a cloud-based HR and payroll system or still rely on on-premises software, it's critical that your systems, and the PII stored within them, are as secure as possible.
Every HR software provider will assure you that its system is secure, but at EPAY Systems, we can prove it. We are one of the only time and labor providers to receive FedRAMP authorization from the U.S. government.
FedRAMP, the Federal Risk and Authorization Management Program, is the U.S. government's standardized process for assessing, authorizing, and continuously monitoring the security of cloud services used by federal agencies. Agencies may only use cloud software that has passed this assessment.
To achieve this status, we met more than 350 mandated security controls. Our employees receive advanced security training, and we continually conduct extensive security assessments and scans of our system, while maintaining 99.95% server uptime.
Because of this, we were named time and labor tracking provider for the U.S. Army's Morale, Welfare and Recreation (MWR) division in 2016, tracking more than 30,000 Army employees spread over 100 garrisons around the world. Recently, we have been named time and labor provider for the U.S. 2020 Census Project as well.