Can you keep a secret? Apparently, Ashley Madison, Sony, Target, and many other companies can’t. Experts say phishing accounts for more than 90% of all IT breaches. According to a 2015 report from marketing agency The Starr Conspiracy Intelligence Unit, 53 percent of companies with more than 1,000 employees plan to invest in human resources technology software this year, but that number jumps to 60 percent among firms with fewer than 100 employees. Our HR information is at risk simply because of speed at which we are investing in HR technology.
Keep in mind the human capital management market hit nearly $11 billion in 2014 and is expected to grow to more than $17 billion by 2019. With all this growth combined with the increased number of hacks, we should be thinking about data security specifically when it comes to our HR technology.
Episode 52: Hacking and Security of HR Tech with Felix Odigie (@inspiredelearn)
The most recent Ashley Madison hack scandal has once again reminded us of data and information security not just for ourselves personally but also in business. Our information is at risk. We can’t afford to take chances when it comes to the security of our company communication, reporting, and our employee information and candidate records. Data security is an all hands on deck approach. Today’s podcast guest, Felix talks about strategies companies can use to protect themselves and their employees from putting them at risk.
Felix is the founder of Inspired eLearning. His companies offers a number of training and programs companies can use to simulate and train for phishing scams and hacking to prepare, educate and protect employers focused on their employees. He provides great advice into how employers can prepare for attacks and hacks like Ashley Madison. He says that most hacks happen not from someone breaching security but from a simple email scam called phishing.
What is Phishing?
What is phishing? Phishing is simply an email that is sent made to look like it came from a legitimate source. Clicking on the link provides combined with providing passwords, employee numbers or other private information outsiders access to your company information, systems and data just like can also do when a phishing email is sent pretending to be from your eBay account, bank or credit card company.
One hackers have this information, they access your corporate servers, applications and network having free reign to its contents. This is exactly how hackers infiltrated Target’s system. A phishing email was sent to Target employees from a third party vendor and a single Target employee provided data just after they clicked on the phishing link.
Felix and I recorded this podcast interview prior to the Ashley Madison hack. However, his advice remains the same. The best defense for keeping your company data, employee records and candidate information secure is through communication, simulation and prevention. When your HR technology is a single unified platform like many are, it puts your entire HR technology product suite at risk. Felix recommends HR working with your risk team as well as information technology department to provide training and resources to protect your corporate assets from unwelcome visitors. We need to educate our employees how to recognize phishing scams and other hacks. You can connect with Felix Odigie on LinkedIn.
HOW TO SUBSCRIBE TO THE WORKOLOGY PODCAST
*A special thank you to my production team at Total Picture Radio.