Data security is not just the responsibility of the IT department. In many cases, employees are the first line of defense when it comes to recognizing suspicious activity or a potential cyberattack. However, employees often hesitate, overlook warning signs, or simply do not know what to do next.
As an HR professional, part of your role is to ensure employees have clear, accessible guidance. Below is a simple step-by-step process you can distribute to employees to help them respond quickly and responsibly if they think they’ve been hacked or exposed to a cyber threat.
Here are some steps to share with employees:
Step 1: Don’t panic, but act quickly
Employees should act immediately if they notice something suspicious, such as an unfamiliar password change, unauthorized file access, or a strange email sent from their account. Quick action can prevent further damage.
Step 2: Disconnect from the network
If the employee believes their device has been compromised, they should disconnect it from the internet or internal network. This includes turning off Wi-Fi, unplugging any network cables, and avoiding further logins to sensitive systems.
Step 3: Report the incident
Employees should know exactly who to contact and how to report an issue. HR can help by clearly communicating the appropriate IT or security contact email and phone number. Employees should provide a description of what they experienced, when it occurred, and what steps they have taken.
Step 4: Do not delete or attempt to fix the issue
Employees should avoid deleting files, running antivirus scans, or restarting the device unless instructed to do so. Attempting to fix the issue may interfere with the investigation or eliminate important evidence.
Step 5: Change passwords only when directed
If login credentials may have been compromised, IT may ask the employee to change passwords. However, this step should not be taken until IT advises that it is safe to do so.
Step 6: Cooperate with follow-up
Employees should be available to assist IT or security with any follow-up needed. This may include enabling multi-factor authentication, reviewing account activity, or updating software.
Promoting security awareness through HR
Employees should feel safe and encouraged to report potential security concerns without fear of blame. HR can reinforce this by including security guidance in onboarding materials, sending regular reminders, and partnering with IT on internal awareness campaigns.
When employees know what to do and who to contact, organizations are better protected against evolving cybersecurity threats. By working together with IT and creating a culture of responsiveness, HR plays a vital role in minimizing risk and protecting company data.