Jan 03, 2023
More and more employers are automating their human resources processes. Many also integrate their HR processes with interrelated activities, like time and labor or payroll and benefits.
However, the implementation of these technologies has triggered various security risks, including cyberthreats from criminals whose goal is to access confidential data for nefarious purposes. Below are three common cybersecurity threats facing HR.
Chatbot scams
Employers often use website chatbots to respond to routine HR-related inquiries from job candidates and employees. This frees up time for the HR team, allowing them to focus on higher-level tasks.
But industry experts say cybercriminals are developing fake chatbots that try to deceive candidates and employees by presenting themselves as though they are willing to help. The real purpose is to get candidates and employees to click on phishing links, download malicious files, or share confidential data, like credit card numbers or bank account information.
Remote work
Remote work increases the probability of telecommuters connecting to home or public routers that are not as secure as the company’s infrastructure. According to an article published by the Information Systems Audit and Control Association, or ISACA, many employees began working from home during the pandemic. In turn, they were connected to networks that were less secure than those offered at the office.
Moreover, employees downloaded various software that was not suggested or approved by their company’s information technology department. Per a 2021 press release by AT&T, research has shown that the majority of remote workers who began working from home due to COVID-19 are unintentionally yet actively causing an increase in cybersecurity risks.
AT&T’s research shows that more than half of all remote workers use their work-specific devices, like computers and tablets, for personal reasons, such as sharing their work equipment with family members.
Form W-2 scams
Form W-2 cyberscams are becoming so widespread that the IRS has developed a process that allows employers and payroll providers to report W-2 scams and any resulting data losses.
One particularly alarming scam is when cybercriminals disguise an email to make it seem as though it’s coming from a company executive. The email — which is sent to someone in HR or on the payroll team — requests a list of all employees’ W-2 forms. The intent is to steal the personal information of as many employees as possible, namely Social Security numbers.
Form W-2 scams are especially dangerous because they appear to be coming from a trusted source within the organization.
Combating cyberthreats
HR professionals can counter cyberthreats by emphasizing the importance of data security and raising awareness of these threats. It is advised that they work with their IT team or HR technology vendor to fortify and protect the system’s infrastructure.
Remote teams should have access to secure internet connectivity along with cybersecurity training that teaches them how to utilize their work device safely and responsibly. HR professionals should receive cybersecurity training that is specific to their roles as well.
Keep in mind that cyberattacks aren’t only initiated by strangers. They can be internal and initiated by employees as well, including those who either have already left or are planning to leave the company. As noted by ISACA, from an HR perspective, keeping an eye on employees who no longer work for the company and making sure that they do not have sensitive data in their possession is one of many ways to combat potential internal cyberthreats.
©2023
Jul 03, 2025
When you provide workers with additional benefits on top of their regular pay, some may be taxable. As the rules can get complicated, it pays to familiarize yourself with the requirements. Read through for an overview of which benefits are taxable.
Jul 02, 2025
Disputes over unpaid work time often arise from tasks performed outside official hours — for example, answering emails, traveling between jobsites or changing into work clothes. Employers must understand when these activities count as compensable work. Read through to learn how exempt and nonexempt statuses affect wage obligations.
Jul 01, 2025
Workers' comp insurance is essential for most businesses, but as an employer, you may have more options than you realize. Read through for an introduction to the pay-as-you-go model and the advantages of outsourcing it.
Jun 30, 2025
Employers must ensure that break policies comply with wage laws, especially when employees work through lunch, answer emails after hours or remain on call. Similarly, misclassifying paid and unpaid breaks can lead to wage violations and legal risks. Read through for key guidelines on tracking break time and maintaining compliance.
Jun 04, 2025
Have you heard of key person insurance? This is a type of life insurance policy that may positively benefit your business’s continuity, though it has both tax and financial implications. Read through to see whether key person insurance is right for your company.
Jun 03, 2025
Do you have questions about the tax treatment of payments for part-time and seasonal help? These employees are subject to the same rules that apply to all employees — with some twists. Read through for some help on tax rules regarding part-time and seasonal help.
More News & Press can be found in our Archive.
