How HR can help in the battle against cyber-criminals

Giving free rein over internet access at work does not only post reputational risks, but leaves organisations open to cyber-hackers. Alvaro Hoyos from OneLogin explains the increase in risk and how training and education can help.

While many of us may never consider watching adult content at work, there is a secret proportion of colleagues around you who have done exactly that. In fact, a survey by OneLogin has revealed that at least two in five companies have caught employees indulging in adult content.

Gone are the days when an employee's occasional procrastination simply amounted to twiddling their thumbs and staring blankly out the window. Now our instant access to the internet has the potential to cause harm to corporate networks.

Technology has transformed our lives dramatically over the past 20 years, from how we purchase goods to how we consume media platforms.

A far-reaching world of information and entertainment is available through the internet that we have never had before.

However, this world has brought some very modern challenges for businesses.

Unwittingly exposed

The OneLogin study explored the freedom employees enjoy when it comes to unrestricted internet access and revealed as much as 76% of companies allow a high number of their employees free rein on the internet, which is unwittingly leaving businesses and their critical corporate data exposed to cyber-crime.

This kind of behaviour is not only a colossal waste of productivity, but also a cyber-security nightmare that could leave confidential files in the wrong hands.

The accessing of risky material has spread into the workplace. These websites represent a major threat to cyber-security because they are often plagued with downloadable materials and adverts that are embedded with viruses and other harmful malware.

For example, experts have recently warned the millions of Pornhub users to be careful, after it emerged that cyber-criminals were targeting the website with a highly dangerous "Kotver malware" that was cleverly masked through pop-up ads.

The use of "malvertising" on legitimate websites has become incredibly popular among hackers and accessing these materials within the workplace can be catastrophic, leaving company networks far more susceptible to phishing scams and viruses, which can be incredibly costly to remedy.

And there are plenty of examples of this risk becoming a reality. 2017 saw a host of devastating cyber-attacks on major companies such as Deloitte and Equifax, as hackers stole information about thousands of customers.

Could your company be next?

The thought of confidential documents and people's personal details getting into the wrong hands is a harrowing one, and it's likely to become a far greater issue in 2018.

Companies that allow their staff unrestricted access to the internet are in grave danger of placing their names next on the list of cyber-hacking victims.

According to the OneLogin survey respondents, 67% of businesses neglect to invest in single sign-on (SSO) solutions, and 54% don't use a domain name filtering system.

To avoid a descent into the further chaos that hacks create, businesses need to focus their attention on controlling the content that is being accessed via the corporate network and evolve cybersecurity strategies to reflect modern employee needs.

By introducing a single sign-on system, for example, this can help to keep information secure by using policy-driven password security and multi-factor authentication to ensure that only authorised users have access to sensitive data. Domain-name filtering blocks access to potentially dangerous websites based on a business's specific criteria.

HR should work with IT departments to prioritise training and educate their employees on the hazardous consequences of high-risk websites and raise awareness of the issue throughout the organisation.

Phishing risk

With the most common form of successful cyber-attacks arising from phishing emails, it also helps to conduct regular employee phishing assessments.

This enables businesses to identify who in their organisation is most liable to click on harmful emails, and help those who aren't as tech-savvy to be aware of what exactly a phishing email is.

Yet worryingly, nearly two thirds (62%) of the study respondents admitted their business fails to conduct employee phishing assessments, and more than a third (36%) don't invest in security education.

Cyber-security will continue to threaten businesses if businesses continue to ignore the risk it poses, not only to their brand reputation, but also to their livelihood.

HR should consider enforcing appropriate sanctions on internet access in the workplace to stop high-risk websites becoming their downfall.