When employees work from home, they don’t have the opportunity to walk down the hall to make sure the email they have just been sent is legitimate, and it’s causing issues. Recently, an employee working for Twitter agreed to allow someone he thought was an employee access to sensitive information on customer accounts. You may have read about it in the news. In another instance, cyber-thieves targeted a large law firm asking prominent attorneys to be mentors for work-study programs. When the work-study was done, the ‘students’ sent fillable forms to the attorney mentors. Malware was embedded in the forms, and once a lawyer clicked on the link, the malware was downloaded on to the firm’s software to search for sensitive information. I used to receive texts now and then from our CEO telling me he would like to talk to me. It was odd because he would email with a question or request when he needed something, without asking to talk. I would call him and ask if he sent the text, and he would reply that he did not.
A good cybersecurity program delivered to new employees, with refreshers on an annual basis to current employees, can be well worth the cost. Typically, it involves both education and sample emails sent to employees to see how easily they are fooled. Written dos and don’ts that are easy to reference might be helpful. Simply alerting employees to stories like the ones above can cause them to pause and think of other methods to verify requests from someone they do or do not know. This topic deserves some HR attention. If you are thinking about it and have questions, please give us a call. We can help.