Ransomware attacks including the most recent NotPetya attack, have caused major panic in New Zealand and around the world. According to an article published by Idealog and research conducted by Kordia, a significant amount of New Zealand businesses feel they aren’t prepared when it comes to cyber security.
Cyber security in a mobile workforce
We are in the digital age and it can be tricky balancing technology with the correct security and precautions. At Hello Monday, we embrace technology and flexible working as we’ve discussed previously. A few of our team members work from home and it’s our responsibility as their employer to ensure they have a secure connection. And whether they use their own device or a company device, the policies around security are the same. We also engage in social media so we make sure we have strict policies in place in regards to what can and can’t be posted.
HR policies and procedures
As an employer, what can you do to ensure your business is prepared for a cyber-attack? Do you have HR policies and procedures in place? Here are some questions to ask yourself:
- Are your HR policies and procedures around technology up-to-date? When did you last review them?
- Are your employees aware of your policies and procedures? What happens if your email system shuts down and there’s a cyber-attack? Do your employees know what to do?
- Does your business have a communications process in place in case there is a cyber-attack?
- Do you have a BYOD (Bring Your Own Device) policy? And do the devices have the correct anti-virus software? If your employee’s laptop is hacked, where does the responsibility lie?
- Do all your employees mobile phones have a key lock and cryptic password? Are their phone trackers turned on?
- Who has access and the password to your company Wi-Fi? Do you change the password often? What happens when an employee leaves?
- Who has remote access? Are your employees’ VPN’s secure?
If you can’t answer some of the above questions, then it may be time to review and update your HR policies and procedures.
Onboarding and induction
Along with having comprehensive policies and procedures in place, cyber security should also be a key component of your onboarding and induction process. Is this something you have in place in your business? If not, here are a few tips to help you get started:
- Give all new starters a copy of your HR policies and procedures to read and sign
- Advise them not to give out usernames and passwords to anyone and not to open emails and attachments from people they don’t know
- Ensure they report any strange behaviour and/or requests (and know what to look out for)
There’s a lot to consider when it comes to cyber security but it’s absolutely vital that your business takes a precautionary approach.
If you have any questions or if you require help with your company policies, procedures and/or onboarding and induction process, please do get in touch.