NAPEO
Cybersecurity is an essential aspect of business operations, which is why it cannot be viewed as the sole responsibility of the IT department. Cybersecurity threats evolve daily and organizations can best prepare and protect themselves by taking a shared responsibility to protect the company’s assets and data.
One of the questions I’m frequently asked by PEOs is simple: Is the cloud safe? Actually, this is a trickier question than it seems. The answer is yes, of course, but like any internet-based endeavor, there are certainly many caveats. Cloud security requires you to think about security differently than on-premise security or data center security.
Every business faces different challenges whether from competitors, market changes, supply chain disruptions, or myriad external or internal forces. Yet every business, regardless of size or industry, faces a common threat: the security of critical data. Whether it’s the leak of proprietary business information or customer data, or a breach, or a malicious software attack, it can be devastating. Security incidents result in disruption, fines and a loss in customer confidence that can take years to recover.
We all have locks and alarms on our homes, businesses, and vehicles. None of us would think about leaving our property unguarded. Why would you take the chance with your digital property? So, what can PEOs do internally to help secure the vulnerable areas of their business? As IT Manager at ESI, I have the task of guarding the gates of ESI through various techniques. Hopefully, by sharing some of these techniques, we will add some nuggets to your cybersecurity protocol.
Disasters are inevitable, and their timing is unpredictable. Preparing your company and employees before disaster strikes can make the difference between a catastrophe or an inconvenience. While no one wants to experience a business disruption, especially any technology-related disruption, there are many reasons that you could end up in that position.
The exposure of being an employer is dynamic and untenable for a small employer, which is why PEOs are so crucial to businesses. While core PEO responsibilities such as payroll, procurement of workers’ compensation, and human resources are foundational value propositions to assist employers, in addition to these areas what makes one PEO more attractive than another in the selection process? What is the biggest problem to solve for your client company? Maybe it’s safety. Usually, the area where they lack the most understanding and support is in cyber defense. Every client of yours is a sitting duck for a hacker and you can help.
As chief information security officer at PrismHR, Dwayne Smith leads the company’s cybersecurity efforts. He works to strengthen cyber defenses, and guard vital information from internal and external threats. A vast and evolving field, cybersecurity requires constant vigilance, training, and adaptation. Smith may be a relative newcomer to the PEO industry, but his background boasts impressive cyber credentials from service in the United States Navy, consulting with government agencies, and leading cybersecurity efforts for Cummins, Inc., a large multinational company.
As someone who has spent the past 20-plus years studying cybersecurity and supporting commercial, defense and intelligence organizations, I joined the PEO space earlier this year because I saw an opportunity to help this industry improve its cyber protections. Doing so is vital to help protect them and the small- and medium-sized businesses (SMBs) that make up the lion’s share of companies.
One area where we serve our clients is by providing technology, but are our technology offerings up to par? Has our technology kept up with our workforce? Where are we stuck? Where are we falling short? How do we create the change we need to walk the electronic walk? And how inclusive, really, is our technology? For those of us who’ve participated in annual goal setting meetings, we’re familiar with the intentionally weird moniker big hairy audacious goal or BHAG. I prefer a slightly smoother approach: functional, all-inclusive, and benefits all or FAB. Are your PEO’s technological offerings FAB?
Crisis communication is a large part of that response plan. It includes the collection, organization, and dissemination of timely and factual information to mitigate the impact of a crisis. It’s the dialogue between your PEO, your clients, and respective stakeholders before, during, and after an incident. Effective crisis communication planning takes the confusion and panic out of a crisis and replaces it with accurate, clear information and reassures that help is on the way.
To better protect your business against cyberattacks, you should be aware of the common cyberattack trends that can put your business at significant risk and best practices to protect to implement.
In upcoming articles in this series, we will cover some of the different types of hacks and hacktivism that are most common today in greater detail. And while each of these different types have specific preventative and reactionary steps that should be taken, there are some measures that are universal regardless of the type of attack and resulting outcome of them. For example, if it is an email that contains links or attachments that you don’t recognize then don’t click on anything. Deleting the email immediately is the safest option. If you get an email from someone and the wording doesn’t seem consistent with previous interactions, then don’t just take it at face value. Contact the sender in a different email or phone call and confirm what you are seeing is legitimate before you do anything else.
It is accepted as common wisdom that technology improves the work environment, streamlines processes and workflows, and makes a workplace more productive with diminishing costs over time.However, until relatively recently, there has not been much data to quantify or qualify that conclusion.
Long gone are the days when changes to the business climate were easily foreseeable and gave us plenty of time to plan and respond. Pandemics, wars, and competition from new market players are just a few recent trends that make managing your business more complicated than ever.
With the recent rise of cybercrimes, PEOs, like many businesses, must now recognize that data security in cyberspace and in their own systems is of the utmost importance for the safety of not only themselves but also for their clients.
As hackers continue to target critical infrastructure sectors, attempt to steal personal data, threaten to release such data, and collect ransom, the need for more regulation and corporate diligence could not be more necessary.
PEOs are in the business of offering robust human resources services to their customers and off-loading the responsibilities involved to a team of professionals who know how to manage employee information safely. Customers need help to make sure they keep sensitive information safe and secure. To address the legal obligations companies have when handling employee information, PEOs evaluate the information they handle and the legal obligations regarding data security imposed for handling such information, making sure they introduce cybersecurity measures early and reinforce them often.
While there is not an exact definition of cyber hygiene, I summarize it as a set of formal and habitual practices that ensure the safe handling of critical data and securing networks. Cyber hygiene must be institutionalized, as any weak link can cause issues to all on a given network or distribution. It is a communal exposure that needs to be addressed in a communal manner.
Cyber insurance coverage and underwriting have changed a lot since the first cyber insurance policy was sold in 1997, especially in the last two years. Cyber insurance didn’t really take off with business owners until around 2014, when cyberattacks became more frequent and primarily involved stealing personal and private information of businesses’ employees and customers. When stolen personal information resulted in identity theft, businesses faced financial liability as they found themselves being responsible for the restoration of the identities. Businesses performed restoration either voluntarily or after lawsuits were filed. These businesses also found themselves paying for credit watches for all of the individuals whose information had been stolen.
