Topic: CYBERSECURITY & TECHNOLOGY

As someone who has spent the past 20-plus years studying cybersecurity and supporting commercial, defense and intelligence organizations, I joined the PEO space earlier this year because I saw an opportunity to help this industry improve its cyber protections. Doing so is vital to help protect them and the small- and medium-sized businesses (SMBs) that make up the lion’s share of companies.   

One area where we serve our clients is by providing technology, but are our technology offerings up to par? Has our technology kept up with our workforce? Where are we stuck? Where are we falling short? How do we create the change we need to walk the electronic walk? And how inclusive, really, is our technology? For those of us who’ve participated in annual goal setting meetings, we’re familiar with the intentionally weird moniker big hairy audacious goal or BHAG. I prefer a slightly smoother approach: functional, all-inclusive, and benefits all or FAB. Are your PEO’s technological offerings FAB?

Crisis communication is a large part of that response plan. It includes the collection, organization, and dissemination of timely and factual information to mitigate the impact of a crisis. It’s the dialogue between your PEO, your clients, and respective stakeholders before, during, and after an incident. Effective crisis communication planning takes the confusion and panic out of a crisis and replaces it with accurate, clear information and reassures that help is on the way.

To better protect your business against cyberattacks, you should be aware of the common cyberattack trends that can put your business at significant risk and best practices to protect to implement.

It is accepted as common wisdom that technology improves the work environment, streamlines processes and workflows, and makes a workplace more productive with diminishing costs over time.However, until relatively recently, there has not been much data to quantify or qualify that conclusion.

Long gone are the days when changes to the business climate were easily foreseeable and gave us plenty of time to plan and respond.  Pandemics, wars, and competition from new market players are just a few recent trends that make managing your business more complicated than ever.

In upcoming articles in this series, we will cover some of the different types of hacks and hacktivism that are most common today in greater detail. And while each of these different types have specific preventative and reactionary steps that should be taken, there are some measures that are universal regardless of the type of attack and resulting outcome of them. For example, if it is an email that contains links or attachments that you don’t recognize then don’t click on anything. Deleting the email immediately is the safest option. If you get an email from someone and the wording doesn’t seem consistent with previous interactions, then don’t just take it at face value. Contact the sender in a different email or phone call and confirm what you are seeing is legitimate before you do anything else.

With the recent rise of cybercrimes, PEOs, like many businesses, must now recognize that data security in cyberspace and in their own systems is of the utmost importance for the safety of not only themselves but also for their clients.

PEOs are in the business of offering robust human resources services to their customers and off-loading the responsibilities involved to a team of professionals who know how to manage employee information safely. Customers need help to make sure they keep sensitive information safe and secure. To address the legal obligations companies have when handling employee information, PEOs evaluate the information they handle and the legal obligations regarding data security imposed for handling such information, making sure they introduce cybersecurity measures early and reinforce them often. 

While there is not an exact definition of cyber hygiene, I summarize it as a set of formal and habitual practices that ensure the safe handling of critical data and securing networks. Cyber hygiene must be institutionalized, as any weak link can cause issues to all on a given network or distribution. It is a communal exposure that needs to be addressed in a communal manner.

As hackers continue to target critical infrastructure sectors, attempt to steal personal data, threaten to release such data, and collect ransom, the need for more regulation and corporate diligence could not be more necessary.