Author: Salvatore Corradi – FM Chairman
The issue of cyber security should be one of the main concerns of a company, especially in the digital age. For this reason, the human resources departments and the security teams in collaboration with the Digital HR work hard to guarantee the protection of a company from external threats and to maintain a level of privacy for its employees.
Last year there has been a 35% increase in cases in which companies suffered attacks by hackers who have stolen their data or have caused damage. What is the reason for such a huge increase of these criminal acts and how do these digital pirates operate?
The global upheaval caused by COVID-19 is a key element to grasp better what lies behind this disturbing fact. It is well known that many employees suddenly found themselves having to work remotely, without the ability to plan transition programs that take into consideration digital security. Just like in the case of holidays, hackers have seized the opportunity to further rage in a global stress scenario.
Studies and surveys show that there are clear preferences regarding the most affected departments: a growing point of interest is the theft of credentials and, in the case of human resources, the appropriation of protected databases. In these cases, the leader of a company fears the possibility to submit to blackmail or ransom demands for encrypted files. Companies were therefore easy targets for cybercriminals as they were more inclined to pay any ransoms in order not to further aggravate their already compromised situation.
Cybercriminals have acted with precise attack techniques, including suspicious and malicious e-mails containing URLs that were entered with the intent of concealing credentials, a famous scam known as phishing attack. These outlaws thus leverage the constant need for information and human curiosity, also exploiting the need of the populations to stay as updated as possible on COVID-19.
To avoid these unpleasant inconveniences it is important to implement protection policies (if you have the need and the possibility even sophisticated), in addition it will seem trivial but given the frequency with which passwords are stolen or found, it is essential to combine passwords with other forms of authentication, perhaps adopting multi-factor authentication.