HR Jetpack

Conclusion

This video is premium content

Register or sign in to gain access.

Lesson Content

In the overnight hours after the 2016 election results had been announced, attackers leveraged an already compromised Harvard.edu email account to send phishing emails to dozens of Washington-based Think Tanks and NGOs. With politicized subject lines, and attachments appearing to be election related data and talking points, the goal of the emails was to deliver trojans to give the attackers remote access into those organizations. The best phishing attacks prey on people’s fears, and in the chaos swirling around a major announcement like an election it is easy to understand why people are in a rush to click without being careful.

This is, unfortunately, what cyberattacks look like. They look like the kinds of communications you might get every day. They aren’t spooky looking foreign characters and screens full of bizarre programming code like you see on TV. The best attacks look like ordinary, daily activity to the people on the receiving end.

As an HR Professional, you are in a unique position of greater than average responsibility over data, with generally less than adequate support to ensure you can function safely. I encourage you to take an inside-out approach by doing everything within your power to secure your accounts and devices to the greatest extent possible. Once you feel you have done everything you can to reduce your personal risks, start thinking about how the company is protecting data. If you see these best practices not being followed, I encourage you to take an active role and work with your colleagues to find solutions to better protect the organization. If you feel that employee data and the company’s reputation are not being taken seriously enough, try to put a dollar-value on the data you have. When you can quantify the risks in terms of dollars, it gets everyone to perk up and take things more seriously. Many organizations feel that if they haven’t been attacked, then they must be safe, or doing security “well-enough”. Putting the risks in context is a great way to make it feel real and important.

Michael Wilson

Instructor:

Michael Wilson

Michael Wilson works with small businesses to build and protect their brands online. He is an IT Generalist whose primary services include: Web Design & Development, Cybersecurity Consulting & Training,...

Michael's Full Bio