The theme all throughout this course has been that HR is a more target rich environment than many of the departments you may work alongside. Attackers would feel that it is easier to compromise a person who works in HR and steal their account, rather than to “hack” through the security protocols put in place by IT. As a result, it is reasonable to expect more attacks, including phishing, aimed at stealing your data or accessing your accounts. HR professionals need to be diligent not to fall victim to phishing attacks because so much of their professional reputation is tied to their ability to keep things confidential and protected. Trust is a huge component of the relationship HR builds with management and the rest of the organization and you must be someone who can be trusted with critical information.

As we move into the future, it is very likely that new tools will emerge to better protect people against phishing attacks. But until Artificial Intelligence or AI and machine learning can better detect these attacks and warn users, everyone needs to think defensively. In the physical world, it is common for the phrase, “If you see something, say something” to be used by law enforcement. The same is true online. If you see anything unfamiliar, untrustworthy, or at all suspicious it is ok to ask an IT person for input. Or go to Google and seek out more information about that email account, website, or source. Knowledge is power and it is crucial that you are in control of your online life.

HR has a valuable role to play in communicating the expectations and policies of the organization with the entire staff. Find any way you can to partner with management and IT to effectively communicate security best practices with the entire company.