Get in Touch
Preventing Year End Payroll Phishing
Cybercrime
Last year I was told by many Human Resources Professionals that they received a request from their CEO asking for a list of employees with salary information. Many were lucky in that they did not send information, but some were not and sent out sensitive employee information.
It turned out to be a phishing scam. All the employees’ information has been compromised and the work to repair and protect was tremendous.
According to the Society for Human Resource Management, between January and March of last year, more than 55 businesses had reportedly been tricked into e-mailing criminals sensitive payroll data. It’s easy for anyone – especially unseasoned HR professionals – to become deceived when receiving fake email messages requesting sensitive employee information.
Rather than instill fear in your team about a cybercrime hitting your organization, it’s best to be proactive about minimizing the harmful effects of phishing scams.
Here are some key tips for educating your employees about how to identify and prevent phishing scams:
Train employees about cybersecurity awareness. When it comes to preventing cybercrimes, knowledge is power. As you onboard new HR professionals, cybersecurity education should be a top priority. Comprehensive cybersecurity training should be given to all new employees, while seasoned staff should receive refresher trainings annually. Ample training will help your employees become aware of how to identify an email threat, as well as how to communicate sensitive employee information. In general, it’s best to instruct your employees about the importance of avoiding electronic requests for sensitive data.
Establish policies for communicating employee information. Establishing strict policies and protocols for communicating employee information will help your employees learn how to spot red flags, as well as eliminate confusion about how to handle questionable electronic communication. For example, one of the most common phishing scams involves hackers getting ahold of employees’ W-2 forms, in which they can then acquire social security numbers, birthdates, addresses and other highly sensitive information. When it comes to the handling of sensitive information, your employees should follow a pre-determined set of guidelines before electronically releasing any private employee data to an unknown third party.
Build a culture of transparency. While training and education is beneficial, it’s important to remember that mistakes can still happen. Instead of threatening workers if an unforeseen incident should occur, it’s best to build a culture of transparency. Create a work environment in which every employee feels comfortable reporting incidents and asking questions about how to handle uncertain situations. By empowering your employees to speak up, you can help prevent cybersecurity problems from spiraling out of control and potentially resulting in a complete invasion of your employees’ privacy.
The rise of cybercrimes in the U.S. has propelled the need for companies to take preventative measures very seriously. Implementing the practices above will give your HR team the preparation and tools they need to handle cybercrime threats efficiently and effectively, preventing potential harm to your organization.
Are you lacking HR workers equipped to handle cybersecurity threats in 2018?
Call Nielsen Associates , a leading staffing provider of permanent and contract human resources, marketing, sales, information technology (IT) and accounting/finance professionals on Long Island and in the tri-state area.
