two-factor authentication

Cybersecurity has become more of a hot button issue over the past year than perhaps at any other point in the 21st century. High-profile data thefts and breaches have left the business world understandably nervous about the prospects of things like ransomware attacks. The unprecedented switch to remote work has added another variable to the situation, with people now accessing company data from outside the purview of employer IT networks and cybersecurity infrastructure.

Cybersecurity is becoming something employees are being asked to take upon themselves. As an HR professional, these cybersecurity concerns have a unique dimension, given that HR has unmatched access to sensitive employee and company data. With that in mind, below are three cybersecurity tips for HR professionals. 


VPNs have become invaluable cybersecurity tools for remote workers across all industries, as more and more people access company data and networks from their homes and co-working spaces. The purpose of a VPN is to help establish a protected network connection by encrypting your internet traffic and disguising your online identity. The objective is to make it difficult for unauthorized actors or intruders to track, intercept and steal your data. 

A VPN is one of the most important cybersecurity tips for HR professionals because working remotely means sending and receiving sensitive employee and company data from outside the secure confines of company networks. If you, as an HR professional, are tasked with handling and managing intimate employee information, the responsible and ethical thing to do, as both a company and an individual worker, is to make it as difficult as possible for would-be thieves. 

Two-factor Authentication

Two-factor authentication refers to the steps required to gain access to a database or network, and it is one of the universal cybersecurity best practices. Single-factor authentication (i.e., just a password) means all cybercriminals have to do to get access to your data is guess or crack your password. Even if you believe your password is robust and difficult to steal, phishing, spidering, social engineering, brute force attacks, rainbow table attacks and network analysing tools are commonly used by hackers to uncover passwords. 

Two-factor authentication is another valuable cybersecurity tip for HR professionals and for organizations more broadly because it means hackers need to circumvent another level of protection before gaining access to data. If you have a password combined with a security question that only you know the answer to, it makes it much more difficult for criminals. Two-factor authentication should be part of all applications and programs used by HR professionals working remotely, especially on benefits platforms that contain sensitive employee data with compliance requirements, and particularly health data. 

Be Skeptical

Perhaps the most important cybersecurity tip for HR professionals is to remain skeptical of all incoming emails you see. Phishing is one of, if not the most common way cybercriminals attempt to gain access to company data, in recognition of the fact that the biggest threat to company data is employee negligence. Phishing emails often look very legitimate and appear to come from trustworthy and authoritative sources. The nefariousness of these emails can take several forms, including links that, when clicked, install malware and tracking software, or even hacking attempts disguised as seemingly legitimate requests from colleagues, clients and other industry professionals. 

Because HR professionals are the main point of contact between job seekers and the company, they tend to get a lot of emails. If you are an HR person who works in recruitment and hiring, be very careful about the emails you open. It is important to use a good antivirus with email scanning capabilities to ensure that what you are opening is an actual job application and not something malicious. 


It is not unreasonable to contend that HR professionals have, perhaps, a unique duty to keep abreast of and implement cybersecurity best practices, especially while working remotely, outside the protection of company IT infrastructure. HR is, in many ways, responsible for the protection of employee and applicant data, which comes with not only ethical but legal considerations, particularly where health and employment records are concerned. Keep the above three best practices in mind as you work remotely and safeguard sensitive company and employee information the way it deserves to be. 

Photo by Dan Nelson from Pexels