WatchGuard Blog

Why the HR department is key to cybersecurity

In recent years there has been a growing trend for cybercriminals to target human resources departments in order to exploit the sensitive data they handle. Hackers can do a lot of damage, and make a lot of money, once they gain access to Social Security information, dates of birth, work history or employee and company bank account numbers.  

HR departments are an attractive target given the amount of data they handle but they are also well positioned to act as an entry barrier and prevent potential cyberattacks.  

What are the most common ways HR departments are attacked? 

According to data from the latest Verizon Data Breach Investigations Report, 85% of data breaches occur due to human error, so it is of utmost importance that this department is prepared to mitigate the risks of cyberattacks and ensure that data is protected. 

Which threats should HR employees be looking out for? 

  • Phishing: according to a survey conducted by Statista in 2021, which surveyed 3,500 organizations globally, 3% of employees who received a malicious email clicked on the link provided, exposing the organization to attackers. These findings show that even though this technique is one of the most widely used and many users are already aware of the dangers, we should never let our guard down. 

  • Payroll fraud: this new scam specifically targets human resources departments, as hackers use social engineering to get the company to divert an employee's payroll to an account they own. Large organizations are usually targeted as communication between departments is often weak.  

  • Malware: hackers send fake job applications with attachments, designed to look like legitimate resumes, containing malware that infects the device when downloaded. 

Identity theft, the first step to a corporate security breach

Identity theft is one of the most common tactics used to catch personnel departments off guard. The Society for Human Resource Management (SHRM) states that the percentage of identity theft originating at work is estimated to be anywhere from 30% and 50%

Email spoofing allows the malicious cyber actor to impersonate the sender by using a company employee’s identity to contact the human resources department. This enables the hacker to obtain sensitive information that can be used to launch another more powerful attack or, as we explained earlier, to carry out payroll-related fraud.  

How do hackers do this?  

  • By compromising an employee's corporate email account. 

  • Using a cybersquatting technique, where they emulate the sender's legitimate domain making a minor change that is very hard to notice. For example: changing one letter in the email address that the recipient is unlikely to spot.  

A new form of impersonation has recently been reported in the United States, where a person uses Deepfake technology for job interviews for remote positions, using a different face so as not to be recognized. Typically, this new technique is deployed to get jobs that give personal access to customer information, financial data, corporate IT databases and proprietary information. 

Which steps should be taken to prevent this type of incident? 

  • The human resources department must be very vigilant during recruitment processes, as well as when receiving documents from providers. It is important to be sure the sender and the document are legitimate before opening any attachments.  

  • During remote interviews, observe if the actions and lip movements of the person being interviewed on camera are not fully coordinated with the audio of the person speaking, as this is a clear sign of Deepfake. 

  • Use advanced identity management solutions that prevent unauthorized access to systems and resources, as well as theft of corporate or protected data. 

  • Ensure that company policies and procedures are up to date, including procedures for remote working. All employees should be aware of their roles and responsibilities. 

  • Review and revoke employee access to ensure that employees only have access to what they need to do their jobs. This makes it more difficult for hackers to roam free through an organization's systems.