Hacking has been a problem for many years. Indeed, billions of dollars are spent annually attempting to block hackers and keep data of all kinds safe. In 2016, however, hacking moved from an information security concern to a political concern.
In October, the U.S. government said it was “confident” that Russia was hacking the Democratic National Committee’s information. This was after thousands of stolen emails were revealed, including many that had a damaging impact on the Clinton campaign. By November, the message had changed. The CIA announced that Russia’s hacks were politically motivated and designed to support the President-elect’s campaign. More recently, concerns about “fake news” stories have also been linked to outside digital intruders. While it seems likely that the Russian hacking story will eventually receive as much attention as Watergate has received from political scientists and historians over the past five decades, for now, only one thing is certain. Hacking is on the rise and its consequences now reach far beyond compromising individuals’ personal credit and health data. In 2016, hacking became a major political issue with far-reaching consequences. For this reason, it seems likely that organizations of all kinds will be taking a long, hard look at their own security status as we move into the new year.
With hacking on the rise, it is important for organizations (both private and governmental) to be on the lookout for potential risks, including internal ones. Although it is not necessarily the case, in some instances, hacking originates inside rather than outside organizations. In rare cases, employees arrive on the job with an intent to hack but in most cases, internal hacking is carried out as an act of retaliation (e.g., after a dismissal). The growing contract workforce also poses hacking risks. With few or no investments in an organization’s future, contractors often are more willing or have more to gain from engaging in hacking activities. Whatever the source, HR teams are increasingly on the front lines of the era’s security crisis.
In most cases, HR teams screen in candidates with specific skills. In some instances, however, they screen to keep certain types of candidates out. In the case of tech recruiting, the challenge is to screen in candidates with highly developed technical skills but with a low risk of posing a security breach. Bearing in mind that an estimated 60% of dismissed employees steal important corporate data after leaving, however, HR teams also need to ensure that when employees are dismissed, they do not take critical information with them to their new workplace. This can involve cutting off an employee’s access as soon as notice is received. At the very least, HR teams should carry out rigorous background checks, ask contractors and part-time staff, including student workers, to review and comply with all internal security standards, offer security awareness training to both new and continuing employees, and most importantly, ensure that any informational assets are returned when employees leave or are terminated.
While no one wants to recruit a hacker, ethical hackers are a different story. Regardless of the size of your organization, it is advisable to have one or more employees on staff who are Certified Ethical Hackers. By definition, a Certified Ethical Hacker “is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).” In short, Certified Ethical Hackers have been trained to think and act like hackers and, as a result, they are well positioned to find and fix weaknesses in your information system. If and when an attack occurs, they are also the people best positioned to troubleshoot the situation and, in some cases, trace the hack to its source.