Cybersecurity 101 for HR Pros
Think about all of the data your organization collects from employees, partners, and customers. Emails, documents, research, and other confidential information can be worth millions to an attacker. For criminals, attacking data centers directly can be time consuming and risky, so instead they seek out vulnerable employees with a high level of access. HR Professionals find themselves in the crosshairs because they are often the perfect target for those attackers.
Cybersecurity for HR Professionals aims to teach anyone, not just what to do in order to be more secure, but why those steps are important. Students will walk away with an understanding for how criminals take advantage of people online, and will be better able to protect themselves and their businesses. The course is a bridge between the information security world and day-to-day HR functions. High level best practices are distilled into a working knowledge that anyone who uses a computer every day will be able to grasp.
In this course, we'll tackle the basics of securing your accounts and devices and work our way to real world cases of political espionage and tax fraud. Along the way, we will cover major I.T. buzzwords such as:
Don't let your team make headlines for the wrong reasons! HR is in a unique position to help protect its organization. Note: The information in this course should be used as a guide. Always check with your IT department before implementing any changes to ensure it aligns with their directives and remains compliant with appropriate laws.
HR Jetpack is recognized by SHRM to offer Professional Development Credits (PDCs) for SHRM-CP or SHRM-SCP. This program is valid for 1.0 PDCs for the SHRM-CP or SHRM-SCP. For more information about certification or recertification, please visit shrmcertification.org.
This activity, has been approved for 1.0 HR (General) recertification credit hours toward aPHR™, PHR®, PHRca®, SPHR®, GPHR®, PHRi™ and SPHRi™ recertification through HR Certification Institute® (HRCI®). For more information about certification or recertification, please visit the HR Certification Institute website at www.hrci.org.
The use of the HRCI seal confirms that this activity has met HR Certification Institute's® (HRCI®) criteria for recertification credit pre-approval.
Module: Securing Your Devices
Device security begins with a decision that you will protect yourself: your data, identity, reputation, workplace standing, and so on while using every device you come in contact with. For the sake of differentiation, I will define work or personal devices relative to who owns or issued the device. The main difference between the two will be that you have far more flexibility to make changes to personal devices than those issued through an IT department who will have pre-loaded it with company-specific limitations. Functionally, any device you have access to and use to log into your accounts will need to be secured and protected following a similar model.
Security, in every sense, is something you need to take an active role. Those who are the least secure are typically those who assume appropriate protections are in place and don’t take personal responsibility over their safety. I work with people all the time who are shocked by how easy much of cybersecurity can be, they just never had someone to guide them through it. Tech companies also understand that most people don’t want to be bothered configuring devices, and getting things setup, so they sell goods which are ready to “plug and play” or “no setup required”. This is a successful, but dangerous way to sell and distribute products.
Every computer or tech gadget you buy should probably be audited for security purposes when you are first getting it turned on and connected to your network. Any poorly secured device from computers to mobile devices like smartphones and tablets to peripherals like printers and webcams can be used against you if compromised. There are just so many ways for a bad guy to get in these days that it is crucial that you are thoughtful and considerate to what you allow to connect to the internet, and how you set it up. Never assume that the manufacturer or provider, even in your own company, has done their due diligence to protect the device before it winds up in your hands.
The average family home has 10+ connected devices, and plenty of modern families have dozens when you consider everything that goes into a modern home: internet modems and routers, Smart TVs and all of the cable boxes, DVRs, game consoles, and streaming media boxes. Then there are also all new “smart home” accessories from light bulbs to thermostats and just about every appliance imaginable is now sold with an internet connection and companion app.
Managing the complexity of a home network should give you an appreciation of what your IT department has to deal with. All of the devices employees are provided with, along with everything staff and visitors bring into the building or connect to the company network create massive challenges for both policy and enforcement.
In this day and age, work and personal life are constantly mixing. People open work email on their personal smartphone, or check personal social media accounts from workplace devices. From a cybersecurity standpoint, you have a risk of causing damage to the company through your personal actions, and a risk of affecting your identity or personal life through workplace actions. Neither you or the company are ever completely in control of the situation.
With that in mind, let’s take a look at how best to secure and protect your devices.
You completed 0% of this lesson
You completed 0% of this course
Lessons Not Completed:
Michael Wilson works with small businesses to build and protect their brands online. He is an IT Generalist whose primary services include: Web Design & Development, Cybersecurity Consulting & Training, and Social Media Marketing. He also provides outside support for organizations that need someone managing their email & web hosting. He has a Bachelor's Degree...