With the current furore surrounding ABS and the census, what can HR learn from the outage and possible hack?
The outage and alleged hack of the census website has provided a timely reminder for HR departments to take care of confidential employee information.
Privacy fears had already congregated around this year’s census – fears which were further exacerbated when the site went down on Tuesday night (9 August).
In light of the denial of service attack – which crashed ABS servers rather than giving criminals access to confidential data – HR should consider the best ways to protect personal information within the workplace.
Cyber safety & culture
It is important for HR to instil values of safety amongst staff when using technology. This especially applies to common yet risky behaviours such as password sharing, IT expert and professional penetration tester Asher DeMetz told HC.
“Password sharing is a security risk because the password gets written down,” he said, “and what is written down can be seen by the wrong pair of eyes.”
Screening out malicious candidates
In the recruitment process, it is important to conduct background checks on all potential candidates to prevent security risks, said Mark Silver, Chief Security Officer at First Advantage.
“Despite the technological sophistication so often associated with information theft and security issues, there’s a fundamental layer that relates to human resources and people management,” he told HC.
“It can be easy to focus heavily on IT solutions like firewalls and anti-malware, which are important, but there should be no mistaking the fact that data breaches also have a lot to do with people making either bad decisions or mistakes.”
Haunted by the ghost of employees past
Even when an individual leaves an organisation, it is important for HR to ensure that any information about that person is kept safe. In the event you want to destroy data, be aware of your legislative obligations, Craig Searle, chief apiarist at Australian cybersecurity firm Hivint, told HC.
“If you want to get rid of the data you’re holding on an employee who has perhaps left the company, it’s understanding what the legislative and regulatory requirements are around when you can get rid of that data and what appropriate measures you can take in getting rid of it, like secure deletion processes and that sort of thing.”