Potential Russian cyberattacks highlight the importance of cybersecurity for businesses and HR.
Here's what you need to know:
- The U.S. Cybersecurity and Infrastructure Security Agency has warned against potential retaliatory cyberattacks from Russia
- Phishing, ransomware, and DDoS attacks are some of the most common types of cyber operations
- There are steps you can take to secure your business information — such as strong passwords, multi-factor authentication, and more
The current Russian invasion of Ukraine prompted the United States Cybersecurity and Infrastructure Security Agency (CISA) to warn against potential retaliatory cyberattacks from Russia. And it’s not completely far-fetched. Russian hackers have been targeting businesses and governments across the globe for decades.
Over the last decade, nearly 35% of all geopolitical cyberattacks have come from either China or Russia, and Russian hackers have been involved in 75 confirmed attacks on government websites. And while a government agency is likely to be considered the primary target, many other hackers will use this period of disruption to break into businesses.
For human resources professionals handling sensitive data, sometimes daily, knowing how to protect yourself is crucial. The first step is to understand the destructive cyberattacks out there. That will help you figure out what critical infrastructure you need to safeguard personal information.
5 common types of cyberattacks
Several cyber risks target personal data and other sensitive information. This can include customer names, addresses, and credit cards. But a hacker may also seek to gain access to company user credentials.
Some of the most common types of cyber operations are:
- Phishing. This cyberattack is the most common type of threat. In this situation, the victim clicks on a link or gives the hacker access to their data. Usually, the victim receives a fraudulent email or social media message that appears to be from someone they know or would recognize. These hackers can often create a fake login page for standard company tools or even eCommerce sites like Amazon.
- Ransomware. A type of virus or malware, a ransomware attack prevents the victim from accessing their data. The attackers may also threaten to delete or publish sensitive data unless you send them money.
- Distributed Denial of Service Attack. Often called a DDoS attack, this destructive cyberattack overloads resources and bandwidth by flooding your website or servers with traffic. In other words, the goal of this attack is not necessarily to steal credentials, but to shut down a system.
- Brute Force Hack. Many hackers resort to forcefully discovering passwords through automation and bots. This is why weak passwords are so easily hacked. In fact, any password shorter than 11 characters, even one that uses uppercase letters, numbers, and symbols, can be hacked almost instantly.
- SQL injection. In this case, a hacker may insert malicious code into a comment section or another less-secure area of a website.
Steps to secure your business information
The good news is that most of the tips and tricks to protecting your business from a cyberattack are fairly straightforward. Simply keeping your software and hardware maintained, and enabling security authentication, can go a long way.
Use strong passwords
A strong password is your first defense against hackers. To create a strong password, it is best to avoid simple words and phrases. Instead, your password should contain lowercase letters, uppercase letters, numbers, and symbols.
One of the easiest ways to reduce potential risk is to turn on multi-factor authentication for all business accounts, including email. This adds an additional layer of security on top of your hopefully strong password. Your authentication factors may differ per platform. You can choose to receive a confirmation email, text message, phone call, code sent to an authentication app, or use biometrics.
It’s critical to ensure that you continuously update your software and computer. Using the latest version of any platform will reduce the likelihood of hidden vulnerabilities in your system.
Limit user controls
Revisit who has access to what within your system. When fewer people have access to sensitive data and personal information, there is a smaller chance that this information will leak or that hackers will steal it.
Be wary of links
Since 2020, organizations have seen an 80% increase in phishing attempts, which are by far the most common type of cyberattack. It’s critical to take a step back and think about every link you click. Who is the source? Are they credible? Do you know them? Does their email address or username include a verification symbol, or have you used that line of communication before?
Reduce data touchpoints
Finally, you can protect yourself and your customers by limiting the type and amount of data you store on your servers. Various third-party services will secure and manage data for you, some going as far as to use tokenization to mask user data.
What to do in case of a cyberattack
What can you do if you believe your system has been compromised? Here are the 7 basic steps you can take to limit the breach:
- First, isolate the systems or networks you believe were affected.
- If you can’t figure out which systems were affected, power down your entire system.
- Meet with your incident and business continuity teams.
- Record a system image of the impacted devices.
- Alert federal law enforcement.
- Begin to repair and restore the affected systems.
- Let customers and employees know about the attack, what steps you took, and any damages that might affect them.
HR’s role in cybersecurity
Suspected Russian hackers are likely to target government websites and local governments. But it doesn’t hurt to be prepared.
Because, let’s face it, even before the invasion, cyberattacks were on the rise. But in a crisis, businesses should ensure that their processes and people are aware of essential security standards.
Human resources are perhaps one of the most vulnerable departments. Considering that HR handles the personal data of all company employees, hackers can leverage employee information for money and further access to customer data. In many ways, a solid cybersecurity infrastructure in HR is a critical line of defense.
This is why there is one more thing HR pros can do to support cybersecurity efforts: maintain compliance. Whether that’s the CCPA, GDPR, ACA, HIPAA, or another regulation, compliance standards can help protect company and customer data.