Cyber security expert suggests steps for protecting sensitive data
Of several high-profile cyberattacks that have recently taken place around the world, 2017 began with a so-called ransomware assault aimed at HR departments. Its disguise: an Excel document purportedly containing a job applicant’s curriculum vitae or CV and aptitude tests for consideration.
The harrowing incident came two years after the U.S. Office of Personnel Management was hacked, which compromised the personal data of millions of present and former federal employees.
Idan Udi Edry, an expert source on cybersecurity, says the industry is a popular target for hackers given the breadth of sensitive employee records that are stored and can be exploited, as well as the propensity for staffers to open unsolicited emails. Concern is mounting that stolen names, addresses and social security numbers could be used for identity theft and blackmail.
His recommendation is that HR and benefit practitioners, including brokerages and advisory firms, secure their Wi-Fi networks, get educated about “phishing” expeditions that poach personal information and practice good cyber hygiene.
The logical starting point of this multi-pronged strategy is a “basic minimum protection of our emails,” since he says it’s the most common form of business communication and everything is online in the digital age. That means having two different lines of communication and ensuring that “not every guest can log into the same network with the employee running the infrastructure between them,” he explains.
A second layer involves information security protection, according to Edry. It entails understanding what type of applications are running and how to secure them. This safety net, which helps flag suspicious emails or unexpected files, extends beyond the organization to include interaction with clients and suppliers.
Another critical step is to protect, and completely separate, core data from other infrastructure of communication with the outside world. An example of what it’s so important is the recent security breach at Equifax, the consumer credit reporting agency, which he describes as “the Hurricane Irma of the cyber world” – an event affecting as many as 143 million people.
Edry and his team at Trustifi, a SaaS company specializing in email encryption and security, have developed software featuring three patents to raise the level of security and efficiency in HR or other departments. Users can access a free trial of the software to experience the power of the tool first hand.
The idea is to secure and encrypt files within a given organization “before they even go out to the world,” he says. As part of this approach, Trustifi uses a “two-factor authentication” for opening emails that are sent and with the encrypted file. In addition, a cyber postmark, much like snail mail, tracks the time and place when the person for whom an email is intended opens that correspondence.
Cyber security has become a critically important task in business, according to Edry, who used to helm a cyber security company named Nation-E and served as head of data and security for Pelephone, Israel’s leading cellular operator.
“This can take down the entire economy of the United States if we don’t wake up and implement the necessary tools to protect our organizations and most core value information,” he suggests.
By Bruce Shutan
Bruce Shutan is a Los Angeles freelance writer.