Describe ways hacker can gain access to employee information
Part 1 – Q1. Security Threats to Employee Information” Please respond to the following:
Cyber security threats have been on the rise over the last few decades. With more advanced technology, hackers have found ways to break through security defenses and haul away employee information. The headlines are filled with news on security breaches on very well-known organizations. First, watch the video “Massive cyber attack strikes Anthem” (1 min 43 s), located at http://www.reuters.com/video/2015/02/05/massive-cyberattack-strikes-anthem?videoId=363104985&mod=related&channelName=cybersecurity, and then please respond to the following question:
Describe two (2) ways a hacker can gain access to employee information. Recommend the steps an organization could take to address these security breaches after the fact. Then, outline a plan for preventing these breaches from occurring, and specify the legal requirements you would structure around information security in an HRIS.
Part 2 – Respond to the information.
Two ways that hacker can steal the employee’s confidential information from an HRIS system is a phishing scam and buffer overflow. A phishing scam is when the hacker sent out a fake email that looks authentic to all users of the HRIS system asking them to verify their information by clicking on a special link. Then the hackers use the information to promote their illegal activities. The best way to fight this type of hacking is to provide training and education to the users to what to look for to ensure that they are on the real site; and to educate them to never give their personal information without asking HR first.
Buffer Overflow is a software bug that cause the written data code to buffer which make it to overrun it designated boundary. This overrunning allows the hacker to be able to overwrite the coding and to extract information for the protected data. The best way to eliminate this problem is to hire an unified threat management team that will monitor the system, identify the breach and stop it before any confidential information is breach.
An organization has legal responsibility to ensure that their employees’ personal information is safe from unauthorized individual therefore, they need to establish an unified threat management team to handle security.