Why support and HR teams are most at risk to cyber attacks

As technology advances, it continues to create incredible apps and services that make our lives so much easier. Take mobile banking from your mobile phone, for example: how did we ever live without it?!

However, on the flip side, fraudsters are adapting to new technology by finding its vulnerabilities and, unfortunately, exploiting thousands, if not millions, of innocent people.

Some of the most commonly targeted areas of an organisation for cyber crime are customer service and human resource teams. But why is this the case?

Why customer service teams could be a security weak point

Sadly, customer service and support teams can be the most vulnerable part of a company’s fraud-prevention program. And one of the main reasons for this is the difficulty in defending yourself against ‘vishing’ or voice phishing.

What is ‘vishing’?

The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

The attacks are designed to generate fear and an immediate response and therefore occur within short time frames.

With lots of consumers becoming savvier to existing fraudulent scams like email phishing and fake websites, fraudsters have already developed more sophisticated scams, and they are becoming increasingly common.

A few common themes among vishing scams include:

  • Suspicious activity regarding your bank account
  • Overdue or unpaid taxes to tax agencies
  • Prize or contest winnings (such as a holiday or newly-released pricey products)
  • IT support calling to remotely access your PC to fix an issue

Why HR could be a security weak point

A 2020 survey by OGL IT Solutions found that HR was one of the primary industry sectors targeted by cyber attacks.

They found that 60% of reported data breaches in organisations were the result of successful cyber attacks through HR functions.

There are a number of reasons this area might be targeted...

Increased risk of cyber attacks from home working

In early 2020, at the start of the pandemic, there was a huge increase in homeworking, which allowed many organisations to continue to operate remotely.

There was a massive increase in sales of electronics as well as a general increase in the number of people using the internet.

Many of those working from home would have downloaded software, clicked on malicious links in adverts, and inadvertently allowed cyber criminals to infect their devices or gain access to sensitive information.

These actions could have been stopped with the correct company IT policies in place, but with many other concerns around homeworking and the pandemic, some organisations never reminded their employees of the importance of cyber security, especially whilst working from home.

The rise in social engineering

Most cyber attacks start with a victim being manipulated into taking some sort of action or disclosing sensitive information about themselves or their organisation.

HR professionals are often the targeted victims of these attempted cyber attacks as they tend to hold the key to the most valuable information about their organisation including personal data, financial information, and private company information.

Individual mistakes, which occur more often among those who lack knowledge of cyber security, are the most common cause of cyber attacks.

Phishing and vishing

Although we previously listed this as an issue for support teams, phishing and vishing can be equally damaging for those working in HR.

Because those working in an HR role are gatekeepers of lots of sensitive information, which could be considered incredibly valuable by cyber criminals, phishing and vishing attempts are often directed at them.

Take this as an example: an HR employee receives an email that is seemingly from the Managing Director, asking for help to amend their bank details in the payroll system.

Because this email is seemingly from a trustworthy individual and concerns an important topic, it creates a sense of urgency that could rush the employee, cause a lapse of judgement, and lead to the HR employee sending sensitive information to a cyber criminal.

How organisations can reduce the risk of fraud and bolster cyber security

Although some of these tips may sound obvious, they tend to be the most effective ways of preventing cyber criminals from interfering with your organisation.

Make staff aware of what is expected from them

Having your team understand the importance of cyber security and fraud prevention can go a long way in protecting your business. If your employees are actively keeping an eye out for suspicious activity whilst also following correct procedures, you're very unlikely to have an issue.

It is best practice to provide all staff with a Security Policy that outlines all staff’s responsibilities and organisational procedures for dealing with the threat of cyber criminals.

Assist staff with technology

Organisations should apply technical solutions to certain cyber security weak points, rather than relying on human decision making.

As we know, human error accounts for most cyber security breaches, and technology is seemingly the way forward to help prevent cyber attacks.

Examples of this include safety protocols like VPNs and firewalls, password managers, and physical or Cloud data back-ups.

Online training

It is crucial that organisations not only remind staff of what is expected of them when it comes to cyber security and fraud prevention, but also offer them the tools to recognise and report cyber attacks and attempts at fraud.

Here at iHASCO, we offer both an Online Cyber Security Awareness Training course and an Online Fraud Awareness & Prevention Training course to help organisations equip their employees with the knowledge to prevent cyber attacks and attempts at fraud.

The courses each take 35 minutes to complete and provide the user with a printable certificate upon completion of the end-of-training test.

By educating all staff members in these areas, organisations can massively reduce the chance of an incident occurring as a result of human error. 

You can claim a free, no-obligation trial to either of the courses today!
