The fact that computer systems are vulnerable to hacking is nothing new. A day doesn’t go by when we don’t see a news report of some major company being hacked. In October of this year numerous sites were affected when a company that monitors and reroutes internet traffic was attacked. That is the big stuff we hear about all the time, but futurist and hacker Pablos Holman says the big cyberattacks are not really the big problem, rather smaller disruptions are the bigger issue.
Certainly if there is a big cyberattack many of us are inconvenienced but usually our personal and intellectual property and data isn’t being stolen. Holman says that as a hacker he would not make a major attack. He would rather quietly reside in someone’s computer system and steal IDs and ideas. In a major attack he would eventually get shut out of the system. By quietly disrupting things he can reside in it system for a long time. A lot of small companies are now the potential victims of this kind of thinking.
Small Business Is the Target
According to writer Elizabeth MacDonald, cyber attacks on small businesses are on the rise.“It’s now small mom-and-pop businesses of all stripes [that are the targets] — retail shops, leisure activity businesses, hotels, health clinics, even colleges are getting hammered by cyber criminals. And it’s pushing many entrepreneurs to the verge of bankruptcy.” They obviously look for the business’s banking information, but employee records may also be very susceptible. She goes on to say that “the cyber crooks steal small business information to do things like rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; commit health insurance or Medicare fraud; or even steal intellectual property. The criminals can also hijack a small business’s website to cyberhack other small businesses.”
Like Holman said: “The computer user will be unaware their device has been infected, as a sophisticated hacker will not expose themselves. All the same, the hacker now has the ability to recruit the computer for a botnet attack, or search files and folders for credit card numbers, passwords or similar valuable data.”
How to Best Protect the Company
There a lot of articles and posts offering solutions and tactics to prevent cyberattacks and hacking (for example 7 easy ways to avoid being hacked). Having good data security policies that are enforced by good HR practices will help significantly. But HR also needs to be sure they are observing security best practices with their own data. Most current HR systems operate in the cloud, so you need to be sure that the information in the HRIS is secure. Certainly the vendor will offer those assurances but what else could you do?
How about hiring a hacker to review your security as a consultant? If you are a bigger company how about hiring a hacker to be on the staff? At the very least you should have a company that can review your vulnerability points.
Of course hiring a hacker has its own risks, so those good HR interviewing skills will be put to the test, but with the lives of employees and customers at stake it might be worth considering.