Page 62 - Cyber Defense eMagazine December 2022 Edition

Sleeping with the Enemy

            HR departments must also pay significant attention to their hiring and retention practices, implement
            fail-safes to avoid hiring potentially disloyal employees, and detect unusual activity indicating that an
            active employee may be misappropriating sensitive information, including feeding it to would-be
            cybercriminals. A standard vetting process would include multiple interviews (including live, in-person
            interviews, even for remote positions), in-depth background searches into financial, employment, and
            criminal histories, and an investigation into the candidates’ Internet and social media presence. These
            practices must be implemented in compliance with applicable state and federal employment practices – so
            consult your local employment attorney.

            Human resource managers and hiring partners must work cohesively with information technology and
            security departments to develop and implement safer employment practices. Proper data controls must
            be in place to identify and designate data with the appropriate level of secrecy, tier and compartmentalize
            access to that data, and track the use and transfer of that data internally and externally. Most
            enterprise-level file management software includes this functionality, and these resources’ cost has
            decreased significantly over the past several years.

            From a legal perspective, failure to take reasonable precautions to prevent cyberattacks, a standard
            that varies with the type and size of the business, can expose a business to significant liability under state
            and federal law in the event of a cyberattack. As noted above, cybersecurity insurance may help, but it
            is not a silver bullet and only matters after an attack has occurred. Much of the focus now needs to be
            placed on the front end, with prevention, testing, education, and compliance measures working together
            to stop the house from turning into dust.































            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.