Focusing on people power, in a cyberworld gone bad

Gone phishing: Hackers are out there, looking to steal corporate information -- and the best defense is an educated employee, according to Angela Mahoney.

The most important firewall a corporation can put up to protect its network starts with an employee’s job interview, and is measured by levels of employee engagement over time.

We tend to forget the human element when it comes to technology and the safety of employee and company information. We know that one click is all it takes to expose a company’s deepest secrets, and it’s usually caused by a disengaged or distracted employee who clicks on a toxic phishing message.

Such behavior is part of a global epidemic where, according to the University of Maryland, every 39 seconds, someone makes that wrong click and exposes their personal information. But individual data has now become a secondary target, as hackers go after government agencies and corporations in search of ransom money or databanks of lucrative information.

In 2014, the North Koreans hacked Sony Pictures. In 2016, the Russians sought to infiltrate the U.S. election system. This past July, one woman from Seattle breached Capital One, exposing more than 100 million credit applications. The City of Baltimore was held hostage by hackers who sought bitcoins in return for out-of-reach municipal data.

Meanwhile, technology consulting firm Kelser Corp. reports that 43 percent of cyberattacks target small businesses – companies that will never make the news, but still have access to data and private information that can easily end up in the wrong hands.

Angela Mahoney: Employees are the first and last line, and HR must prepare them.

Companies have invested large sums of money in their IT departments to acquire or create firewalls that can detect and contain data breaches. But it remains a problematic endeavor: According to Accenture, the number of large-scale, targeted breaches in the United States is growing at 27 percent per year.

It’s safe to say that the IT buffer is not sufficient to effectively combat this ever-growing problem. The vigilance and attention of the employee, within a culture of integrity, has a lot to do with supporting these efforts.

Cybercriminals do not target computers; they target the people who sit behind them. Even Mark Zuckerberg’s account was hacked during a system-wide breach targeting a prominent feature of the Facebook platform.

All the software and IT protections could be in place, and yet an enticing sale, or a plea for help from a CEO, can lead an employee to the wrong phishing link, and deep into the hacking rabbit hole.

It’s time for company leaders to recognize their human resources departments are a crucial ally in confronting the flood of phishing and malware – and given that Juniper Research suggests that cybercrime will cost businesses $2 trillion in 2020 alone, this emerging HR role couldn’t come soon enough.

At Otsuka, we believe the human resources team plays an essential role in creating and upholding a corporate integrity that identifies and addresses behaviors that expose our proprietary information, whether through technology or the deliberate sharing of information.

More than a simple memo or morning lecture, HR needs to approach hacking and harmful information sharing with the same tools it uses to prevent a hostile work environment, or to confront prejudice or misogyny.

One example is communicating with our employees about the signs of phishing, and how they can avoid the many traps that cyber-hunters dangle in front of them. While it’s important to train existing employees and continue to feature new and more sophisticated examples of hacking and privacy features, it’s also vital that this communication starts on Day One of the onboarding process.

Otsuka is revamping its onboarding process for 2020, working with IT, compliance and legal department leaders to ensure the right messages are being conveyed about protecting company assets now and in the future.

Corporations need to recognize that communicating about computer safety is not effective unless it’s an embedded cultural norm within a company. Human resources must advocate to company leadership that computer safety works best when IT, HR and compliance officers are integrated on this issue and it becomes a priority within a company’s set of values.

Establishing a culture of computer safety is not only necessary for a company to succeed against hacking – this cultural setting will be appealing for prospective employee talent and a corporation’s client base.

As technology advances and develops, so does the intelligence of the hacker waiting for an employee to make a not-so-harmless mistake. Instead of taking a reactive approach, where company leaders wait to be attacked and then apologize to their employees and customers, human resources should lead the way on proactive measures to make sure businesses are safe in the first place.

This will go a long way in cybersecurity, and help employees make their next online click free of fear.

Angela Colon-Mahoney is vice president of human resources at Otsuka Pharmaceutical Co., a Japan-based multinational focused on holistic healthcare.