Human resources can cooperate with IT and other departments to improve the safety awareness of remote workers and help prevent malicious network attacks.Without exception, 僱用黑客 Our customers are willing to purchase their products, because high quality is the concept of their products. https://www.lvbug.com/
Six ways that human resources can ensure the network security of telecommuters
The exponential growth of telecommuting now makes it easy for hackers to deal with vulnerable endpoints.
Daniel Kennedy, a senior research analyst at 451Research, headquartered in Standard & Poor’s Global Market Intelligence Company in New York, said that although telecommuting is no stranger, the number of telecommuting people is unprecedented.
Raising employees’ awareness is the key to making the company an unattractive target and preventing any network security loopholes. Human resource leaders and their teams cooperate with IT departments and play an important role in this awareness.
The human resources team can follow the following six strategies to achieve this goal.
1. Understand the role of human resources in safety awareness.
The human resources team needs to fully understand the dangers that working from home may bring to the company.
Heidi Shey, chief security and risk analyst of Forrester, said, “Cyber attackers will use endpoint software vulnerabilities, Web vulnerabilities, email phishing and other forms of social engineering to harm endpoints.”
The participation of human resources department is very important to improve employees’ safety awareness, which is very important to prevent network security attacks.
Shey said: “Although enterprises can take measures to protect endpoints, data and network access, it is not enough. They also need to help guide employees to understand the risks of telecommuting. “
2. Adjust the personal device security policy
New and stronger security measures are needed in times of crisis.
Shey said that human resources and IT departments should first work together to formulate clear and consistent policies for the use of personal devices.
She said: “Clearly communicate to employees what it means if they use their personal devices for work purposes. This may mean that employees need to download and install specific software for IT departments to manage devices, or IT departments can remotely wipe their devices. When workers understand that using personal devices for work means transferring some privacy and control to their employers, they may make different equipment decisions. Some employees may want to keep the separation between work and personal life, and therefore choose not to use personal equipment to work. “
3. Keep abreast of network security threats
Hackers have been improving and improving their attack methods. However, IT departments can continuously monitor the threat situation and find the preferred method before an attack. IT and human resources can keep open communication channels, so human resources can immediately raise employees’ awareness.
Phishing and network intrusion are the two most common threats that may persist in the foreseeable future.
Fake emails trick employees into revealing their passwords, access codes and other user identification information, which attackers use to access company data, funds and systems.
Kennedy said: “Although I don’t think phishing is a new threat, new changes are popping up for employees who work at home, and some of them are very effective. For example, consider an e-mail that references contact tracking. It contains all the characteristics of a good phishing scheme, such as timeliness, urgency, concern or fear to respond. “
However, it is not just email that allows attackers to enter the endpoint.
He pointed out that the home network is fundamentally different from the enterprise network, so it is more vulnerable to cyber attacks.
He said that an example of a weak endpoint is a home router with a management interface that is easily accessible through a default or weak password.
This can expose services that are not normally allowed by corporate firewalls.
Kennedy said: “The Wi-Fi network may not be effectively protected, and other users on the shared network behave differently. For example, most employees may not play downloaded games after finishing a day’s work at home, but their children are playing. “
The Internet of Things also provides different endpoint arrays, which poses a greater threat to the home network than to the business network. Smart TVs, mobile phones and smart devices are all examples of devices connected to a home network.
Shey said that everyone has an average of six connected devices. This means more opportunities for hackers.
Shey said: “Even before the outbreak, we have seen how consumers’ IoT devices have increased their attack surface. However, enterprises can take some measures to effectively alleviate these problems. “
Kennedy said: “Human resources can work with the Chief Information Security Officer to discuss many security strategies, from security awareness programs to re-examining the endpoint control of employees’ laptops.”
4. Excavate the professional knowledge of public relations and marketing.
Network security can play its best role when every employee in the enterprise cares about and accurately understands its meaning and how to improve the efficiency of the enterprise. This means that human resources and IT departments may want to contact other departments for help to improve security awareness.
In particular, the public relations and marketing departments have the skills to help improve the efficiency of message delivery.
Kennedy said, “A company’s marketing and public relations personnel spend a lot of time thinking about how to produce compelling information. Some of the most well-known sports look like advertising campaigns. “
He said, don’t be afraid to let these experts participate in the plan to help write the news.
5. Focus on human resources and IT collaboration to implement security control.
Human resources and information technology will need to work closely together to improve security without increasing the burden on employees.
Shey said: “Under the circumstance of uncertainty and pressure, the most important thing that the human resources department can do is to empathize and focus on employees’ experiences. In this environment, the main security risk faced by enterprises is how to regard employees as financial difficulties. The fear of layoffs and dissatisfaction with employers create an ideal environment for internal threats. “
For example, a bad employee experience will motivate employees to cope with change instead of accepting it. One of the most common reactions employees may encounter is working around or not supporting control. Lack of support will make enterprises face more network attacks.
Kennedy said: “In deploying security technology control, employees are sometimes taken lightly.” “The thinking process is that they are subject to everything implemented by the enterprise; However, [employees” target=_blank> usually have more agency rights than people realize. “
This means that when introducing new security control measures, IT really needs to rely on HR’s insight into employee experience.
Kennedy said, “HR and IT departments should think that the launch of these controls, although not exactly the level of launching something to customers or customers, is closer to that level.”
He said that there are some ways to promote user adoption. Here are some suggestions to help:
Before launching, you need to carefully test the usability of any security controls.
Thoroughly explain the reasons and the objectives of control measures, such as awareness training.
Be open to feedback that the control is causing friction or that it makes the user’s work more difficult.
Weigh the risk of friction and mitigation, and decide whether to continue or adjust the control measures.
Step 6 appeal to personal interests
The main rule of marketing is to understand the audience and attract their attention. Since security issues may be far away from any personal concerns, human resources departments need to redouble their efforts to link security issues with the concerns of the audience.
Charles Russman, an employment and cyber security lawyer at ClarkHill, an international law firm, said, “There are many ways to educate employees about the importance of cyber security and how it works. The most critical two are the personalization and participation of executives. “
Personalization, he said, means explaining to employees that network security is not only crucial for business continuity, but also can protect their own data and the data about family members owned by the company, such as the data in the corporate health plan.
Employees are more likely to be vigilant when they know that their own safety and family safety are threatened.
Explaining why employees must take certain safety measures-and the possible harm caused by not taking measures-is often more effective than just issuing instructions on how to take various safety precautions.
Shey said: “Make sure employees understand the reasons behind the safety measures, what they expect to do and who they should contact when they encounter problems.”