SALES & MARKETING
Combating Cybersecurity Risks Don’t Leave Your Digital Door Unlocked. BY PAUL BANUSKI
O Paul Banuski is a human resource consultant for HR One, a full-service payroll and human resource consulting firm. For more information, call the company’s Helpline at 1-800-457-8829. This article was used with permission from HR One.
ne question I love to ask employers is, “What is your greatest organizational asset?” Almost invariably, the answer they give me is, “Our people.” And it’s true. People represent one of the greatest assets most businesses have. Then, I flip the question around. “And what’s your greatest liability as an employer?” And, amazingly, the answer is usually the same. “Our people.” Between payroll, benefits, and administration, employees represent an enormous portion of company resources. And that’s before you consider turnover, absenteeism, disciplinary issues, insurance claims and unemployment costs. Then, there are the cyber security risks… Organizations large and small have been the target of various hacks, ransomware, viruses and other forms of cyber attacks in the past few years. These attacks can cost millions of dollars to fix. According to international insurer Allianz, cyber attacks have been on the rise every year since 2016, and the claims paid in that time total nearly $900 million. While there are individuals and networks of savvy criminals ultimately responsible, more often than not, they’re able to find their way into a company’s network because an employee has left the digital door unlocked. Employees don’t mean to do this, of course. But, sometimes they make a mistake and forget to follow security procedures and protocols (assuming, of course, an employer has those safeguards in place). And some cyber criminals aren’t looking for a seven-figure payout; they’re comfortable targeting smaller organizations for
smaller amounts of money. For example, in 2019 the Onondaga County (NY) District Attorney’s office warned of a payroll scam targeting employers using fraudulent email addresses to have direct deposit information changed from an employee to an account set up by the scammer or from hackers using an employee’s account to redirect the paycheck. The district attorney said in a news release, “These requests may look valid, since they often come from the employee’s actual email account which has been compromised, or a spoof email that is designed to appear similar to the user’s email handle (for example, using the number “1” in place of a lowercase “L”). Alternatively, the request may use the appropriate internal organizational forms to change banking information lending the appearance of credibility.” But sometimes the trick isn’t even that devious. It’s not necessarily a nefarious genius with a high-tech set-up trying to hack your employees or your company. It’s just that too many people volunteer important information on social media and make it easy for people to commit crimes of opportunity. Think about it. If you have online accounts to manage your banking, credit cards, or payroll, consider the password security questions for those accounts. Often the questions that must be answered when you reset a password on a website are about first cars, names of favorite teachers or pets. Take a quick glance at your Facebook feed and see how many people just in your own network give that kind of information away to Winter 2022 • 107
