There is no mincing words. HR is proving to be one of the most vulnerable avenues for hackers looking to embed ransomware into a company database, according to Chief Security Officer magazine.
Typically using bogus resumes sent as email attachments, hackers continue to target HR and ransomware, a tough-to-avoid and growing threat, seems to be the weapon of choice. As it sounds, ransomware can hold an entire company system hostage until the company pays a ransom, usually via hard to trace bitcoin.
CSO specifically mentions a ransomware variant called Petya, which encrypts an entire hard drive rather than files, as one of emerging ways HR can become compromised.
Brian Nesmith, CEO at Arctic Wolf, a cybersecurity provider, told CSO that "The latest thing is that human resources organizations in general sit adjacent to finance organizations. More importantly there are a lot of external parties that need to connect with human resources."
Nesmith points out that HR staff are often not very well steeped in information technology, so that's a disadvantage when looking to stop these costly infections. Also employee records and financial systems are "a juicy target or malicious actors." After all, HR is where opening emails and reading resume attachments happens. That's not the only vulnerable area, as employee benefits systems are a weak spot, especially among smaller employers who can't afford expensive data security systems.
Apart from the obvious strategy of monitoring a network with the right data security tools, systems and strategies, HR needs to boost its user training. If done correctly, proper training could mean the difference between keeping data safe or being held hostage.