Settings
Language
Color Theme
Cybersecurity for human resource professionals
HR professionals protect more than policies and processes. They safeguard employee data, payroll accuracy, and workplace trust. A single compromise can expose highly sensitive employee information.
Why HR is a prime target
HR teams manage personal data, salary information, contracts, and identity documents. Cybercriminals know that one convincing phishing message can lead to financial fraud or large-scale data exposure.
Access to sensitive employee data
HR systems contain tax forms, identification documents, home addresses, salary details, and bank information.
Authority to make account changes
HR can update payroll details and employment records. These changes can have immediate financial impact.
High trust environment
Employees trust HR teams. If cybercriminals impersonate HR, staff may respond quickly without questioning legitimacy.
Is the following statement True or False:
HR teams are unlikely targets because cybersecurity is handled by IT.
Loading...
View Options Again
True
False
Why do cybercriminals frequently target HR professionals?
Loading...
View Options Again
HR does not have authority to update records
Only finance teams are targeted in organizations
HR manages sensitive employee data and can influence payroll
HR rarely handles confidential information
Payroll scams
One of the most common cyberattacks that HR professionals face involve requests to change bank details. Cybercriminals impersonate employees in an attempt to redirect salary payments.
Is the following statement True or False:
Requests to update bank details should always be independently verified before changes are made.
Loading...
View Options Again
True
False
Protecting employee documents
HR stores highly sensitive documents including identification, contracts, and tax forms. Unauthorized disclosure can lead to identity theft and regulatory consequences. Requests to access this data should always be verified over multiple trusted communication channels, such as an email and then a phone call.
Is the following statement True or False:
If a request appears internal and routine, document sharing does not require verification.
Loading...
View Options Again
True
False
Pressure and emotional manipulation
HR handles sensitive matters involving pay, disputes, and employment status. Cybercriminals may exploit urgency or sympathy to push fast decisions.
Is the following statement True or False:
Urgency and emotional language can be warning signs of social engineering.
Loading...
View Options Again
True
False
An individual calls HR and claims they haven't received their pay and insists on an immediate bank update. What should you do?
Loading...
View Options Again
Update the details immediately to help
Verify the request using trusted contact details before taking action
Ignore the message
Ask them to send more personal information first
Impersonation beyond email
HR professionals may be targeted through phone calls or text messages where attackers impersonate employees or executives.
You receive a call from an unknown number claiming to be the CEO, requesting sensitive information. What should you do?
Loading...
View Options Again
Provide the information because they are senior
Ask them to send the request by text message
Confirm their identity through a known and trusted communication channel first
Share partial information to reduce risk
Which is a common red flag in HR-targeted attacks?
Loading...
View Options Again
Urgent requests to change payroll information or share personal data
Scheduled policy updates on the intranet
Standard leave approvals in the HR system
Routine onboarding tasks within approved platforms
Compromised HR accounts create wider risk
If an HR mailbox is compromised, attackers can send believable phishing messages to employees, requesting credentials, and harvesting sensitive data.
Is the following statement True or False:
If an HR email account is compromised, the risk is limited to that inbox.
Loading...
View Options Again
True
False
Process protects people
Cybersecurity in HR is about protecting employees. Careful verification, secure handling of documents, and disciplined payroll controls mitigate against common cyberattacks.
Back
Next
Translation Correction
×
Select a translation to correct...
Begin the Guided Tour
[0, "Begin the Guided Tour", "Begin the Guided Tour"],
Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.
[1, "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.", "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action."],
Compose
[2, "Compose", "Compose"],
Folders
[3, "Folders", "Folders"],
Inbox
[4, "Inbox", "Inbox"],
Starred
[5, "Starred", "Starred"],
Draft
[6, "Draft", "Draft"],
Sent Mail
[7, "Sent Mail", "Sent Mail"],
Spam
[8, "Spam", "Spam"],
Trash
[9, "Trash", "Trash"],
[URGENT] Claim Your Work From Home Set-Up Payment
[10, "[URGENT] Claim Your Work From Home Set-Up Payment", "[URGENT] Claim Your Work From Home Set-Up Payment"],
Human Resources
[11, "Human Resources", "Human Resources"],
to
[12, "to", "to"],
Claim Your Work From Home Set-Up Payment
[13, "Claim Your Work From Home Set-Up Payment", "Claim Your Work From Home Set-Up Payment"],
Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of
[14, "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of", "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of"],
to ensure that you have a suitable home working set-up.
[15, "to ensure that you have a suitable home working set-up.", "to ensure that you have a suitable home working set-up."],
To receive the payment via payroll
[16, "To receive the payment via payroll", "To receive the payment via payroll"],
you will need to complete this
[17, "you will need to complete this", "you will need to complete this"],
acknowledgement form
[18, "acknowledgement form", "acknowledgement form"],
For more information on how to set up your home office space safely, please look at the
[19, "For more information on how to set up your home office space safely, please look at the", "For more information on how to set up your home office space safely, please look at the"],
Thank you
[20, "Thank you", "Thank you"],
The Human Resources Team
[21, "The Human Resources Team", "The Human Resources Team"],
This is an automatically generated email, please do not reply
[22, "This is an automatically generated email, please do not reply", "This is an automatically generated email, please do not reply"],
Is the following statement True or False
[23, "Is the following statement True or False", "Is the following statement True or False"],
View Options Again
[24, "View Options Again", "View Options Again"],
Email Subject: Urgent Action
[25, "Email Subject: Urgent Action", "Email Subject: Urgent Action"],
Phishing attacks are designed to put a
[26, "Phishing attacks are designed to put a", "Phishing attacks are designed to put a"],
time pressure on us to act fast
[27, "time pressure on us to act fast", "time pressure on us to act fast"],
This can cause us to skip much of the critical thinking we normally apply when browsing our emails
[28, "This can cause us to skip much of the critical thinking we normally apply when browsing our emails", "This can cause us to skip much of the critical thinking we normally apply when browsing our emails"],
Email Sender: Fradulent Address
[29, "Email Sender: Fradulent Address", "Email Sender: Fradulent Address"],
Email Sender: Fraudulent Address
[30, "Email Sender: Fraudulent Address", "Email Sender: Fraudulent Address"],
Attackers will often use
[31, "Attackers will often use", "Attackers will often use"],
obscure email addresses and use display names
[32, "obscure email addresses and use display names", "obscure email addresses and use display names"],
that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information
[33, "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information", "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information"],
Email Content: Engaging Topic
[34, "Email Content: Engaging Topic", "Email Content: Engaging Topic"],
Attackers often use a
[35, "Attackers often use a", "Attackers often use a"],
broad but important topic
[36, "broad but important topic", "broad but important topic"],
to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.
[37, "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.", "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes."],
Email Link: Phishing Website
[38, "Email Link: Phishing Website", "Email Link: Phishing Website"],
hovering over the link
[39, "hovering over the link", "hovering over the link"],
you'll see the true link location. Often this is enough to see the malicious intent.
[40, "you'll see the true link location. Often this is enough to see the malicious intent.", "you'll see the true link location. Often this is enough to see the malicious intent."],
Wrapping up
[41, "Wrapping up", "Wrapping up"],
If you
[42, "If you", "If you"],
spot anything suspicious
[43, "spot anything suspicious", "spot anything suspicious"],
with the email sender, subject, content, links or attachments
[44, "with the email sender, subject, content, links or attachments", "with the email sender, subject, content, links or attachments"],
Don't take the risk. Report the email to your IT or Security team for review.
[45, "Don't take the risk. Report the email to your IT or Security team for review.", "Don't take the risk. Report the email to your IT or Security team for review."],
Submit
[46, "Submit", "Submit"],
Next
[47, "Next", "Next"],
Back
[48, "Back", "Back"],
Malicious links will often appear with innocent looking text. By
[49, "Malicious links will often appear with innocent looking text. By", "Malicious links will often appear with innocent looking text. By"],
Correct!
[50, "Correct!", "Correct!"],
Incorrect
[51, "Incorrect", "Incorrect"],
True
[52, "True", "True"],
False
[53, "False", "False"],
Change language
[54, "Change language", "Change language"],
Current Language
[55, "Current Language", "Current Language"],
Use Browser Settings
[56, "Use Browser Settings", "Use Browser Settings"],
Select a language
[57, "Select a language", "Select a language"],
Change Language
[58, "Change Language", "Change Language"],
Please select a language
[59, "Please select a language", "Please select a language"],
Language
[60, "Language", "Language"],
Color Theme
[61, "Color Theme", "Color Theme"],
Color Theme And Background Selector
[62, "Color Theme And Background Selector", "Color Theme And Background Selector"],
Colorful Theme
[63, "Colorful Theme", "Colorful Theme"],
Select Theme
[64, "Select Theme", "Select Theme"],
Close
[65, "Close", "Close"],
Dark Theme
[66, "Dark Theme", "Dark Theme"],
Green Theme
[67, "Green Theme", "Green Theme"],
Purple Theme
[68, "Purple Theme", "Purple Theme"],
Light Theme
[69, "Light Theme", "Light Theme"],
Blue Theme
[70, "Blue Theme", "Blue Theme"],
Settings
[71, "Settings", "Settings"],
Theme Selected
[72, "Theme Selected", "Theme Selected"],
This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!
[73, "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!", "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!"],
Translation Correction
[74, "Translation Correction", "Translation Correction"],
Select a translation to correct...
[75, "Select a translation to correct...", "Select a translation to correct..."],
Original Text
[76, "Original Text", "Original Text"],
Correct Translation
[77, "Correct Translation", "Correct Translation"],
Translation to correct...
[78, "Translation to correct...", "Translation to correct..."],
Submissions are reviewed and applied within 48 hours.
[79, "Submissions are reviewed and applied within 48 hours.", "Submissions are reviewed and applied within 48 hours."],
Submit Correction
[80, "Submit Correction", "Submit Correction"],
Submission Successfully Sent
[81, "Submission Successfully Sent", "Submission Successfully Sent"],
Submission Error - Please Try Again
[82, "Submission Error - Please Try Again", "Submission Error - Please Try Again"],
Submission Sending...
[83, "Submission Sending...", "Submission Sending..."],
Mandatory Viewing
[84, "Mandatory Viewing", "Mandatory Viewing"],
Please watch the video from beginning to end before proceeding.
[85, "Please watch the video from beginning to end before proceeding.", "Please watch the video from beginning to end before proceeding."],
Ok
[86, "Ok", "Ok"],
Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.
[87, "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.", "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant."],
Language translation for this training module has been disabled and explicitly set to the following language
[88, "Language translation for this training module has been disabled and explicitly set to the following language", "Language translation for this training module has been disabled and explicitly set to the following language"],
I acknowledge
[89, "I acknowledge", "I acknowledge"],
Thank you for providing an acknowledgement
[90, "Thank you for providing an acknowledgement", "Thank you for providing an acknowledgement"],
Cybersecurity-For-Human-Resources
[91, "Cybersecurity-For-Human-Resources", "Cybersecurity-For-Human-Resources"],
Cybersecurity for human resource professionals
[92, "Cybersecurity for human resource professionals", "Cybersecurity for human resource professionals"],
HR professionals protect more than policies and processes. They safeguard employee data, payroll accuracy, and workplace trust. A single compromise can expose highly sensitive employee information.
[93, "HR professionals protect more than policies and processes. They safeguard employee data, payroll accuracy, and workplace trust. A single compromise can expose highly sensitive employee information.", "HR professionals protect more than policies and processes. They safeguard employee data, payroll accuracy, and workplace trust. A single compromise can expose highly sensitive employee information."],
Why HR is a prime target
[94, "Why HR is a prime target", "Why HR is a prime target"],
HR teams manage personal data, salary information, contracts, and identity documents. Cybercriminals know that one convincing phishing message can lead to financial fraud or large-scale data exposure.
[95, "HR teams manage personal data, salary information, contracts, and identity documents. Cybercriminals know that one convincing phishing message can lead to financial fraud or large-scale data exposure.", "HR teams manage personal data, salary information, contracts, and identity documents. Cybercriminals know that one convincing phishing message can lead to financial fraud or large-scale data exposure."],
Access to sensitive employee data
[96, "Access to sensitive employee data", "Access to sensitive employee data"],
HR systems contain tax forms, identification documents, home addresses, salary details, and bank information.
[97, "HR systems contain tax forms, identification documents, home addresses, salary details, and bank information.", "HR systems contain tax forms, identification documents, home addresses, salary details, and bank information."],
Authority to make account changes
[98, "Authority to make account changes", "Authority to make account changes"],
HR can update payroll details and employment records. These changes can have immediate financial impact.
[99, "HR can update payroll details and employment records. These changes can have immediate financial impact.", "HR can update payroll details and employment records. These changes can have immediate financial impact."],
High trust environment
[100, "High trust environment", "High trust environment"],
Employees trust HR teams. If cybercriminals impersonate HR, staff may respond quickly without questioning legitimacy.
[101, "Employees trust HR teams. If cybercriminals impersonate HR, staff may respond quickly without questioning legitimacy.", "Employees trust HR teams. If cybercriminals impersonate HR, staff may respond quickly without questioning legitimacy."],
HR teams are unlikely targets because cybersecurity is handled by IT.
[102, "HR teams are unlikely targets because cybersecurity is handled by IT.", "HR teams are unlikely targets because cybersecurity is handled by IT."],
Cybercriminals target people who control sensitive data and payments. HR decisions can directly expose data or redirect funds.
[103, "Cybercriminals target people who control sensitive data and payments. HR decisions can directly expose data or redirect funds.", "Cybercriminals target people who control sensitive data and payments. HR decisions can directly expose data or redirect funds."],
Why do cybercriminals frequently target HR professionals?
[104, "Why do cybercriminals frequently target HR professionals?", "Why do cybercriminals frequently target HR professionals?"],
HR manages sensitive employee data and can influence payroll
[105, "HR manages sensitive employee data and can influence payroll", "HR manages sensitive employee data and can influence payroll"],
HR rarely handles confidential information
[106, "HR rarely handles confidential information", "HR rarely handles confidential information"],
HR does not have authority to update records
[107, "HR does not have authority to update records", "HR does not have authority to update records"],
Only finance teams are targeted in organizations
[108, "Only finance teams are targeted in organizations", "Only finance teams are targeted in organizations"],
Access to personal data and payroll systems makes HR a high-value target for fraud and identity theft.
[109, "Access to personal data and payroll systems makes HR a high-value target for fraud and identity theft.", "Access to personal data and payroll systems makes HR a high-value target for fraud and identity theft."],
Payroll scams
[110, "Payroll scams", "Payroll scams"],
One of the most common cyberattacks that HR professionals face involve requests to change bank details. Cybercriminals impersonate employees in an attempt to redirect salary payments.
[111, "One of the most common cyberattacks that HR professionals face involve requests to change bank details. Cybercriminals impersonate employees in an attempt to redirect salary payments.", "One of the most common cyberattacks that HR professionals face involve requests to change bank details. Cybercriminals impersonate employees in an attempt to redirect salary payments."],
Requests to update bank details should always be independently verified before changes are made.
[112, "Requests to update bank details should always be independently verified before changes are made.", "Requests to update bank details should always be independently verified before changes are made."],
Cybercrminals rely on urgency and impersonation to increase the effectiveness of payroll scams. By independently verifying requests across multiple communication channels, HR professionals can prevent these attacks from succeeding.
[113, "Cybercrminals rely on urgency and impersonation to increase the effectiveness of payroll scams. By independently verifying requests across multiple communication channels, HR professionals can prevent these attacks from succeeding.", "Cybercrminals rely on urgency and impersonation to increase the effectiveness of payroll scams. By independently verifying requests across multiple communication channels, HR professionals can prevent these attacks from succeeding."],
Protecting employee documents
[114, "Protecting employee documents", "Protecting employee documents"],
HR stores highly sensitive documents including identification, contracts, and tax forms. Unauthorized disclosure can lead to identity theft and regulatory consequences. Requests to access this data should always be verified over multiple trusted communication channels, such as an email and then a phone call.
[115, "HR stores highly sensitive documents including identification, contracts, and tax forms. Unauthorized disclosure can lead to identity theft and regulatory consequences. Requests to access this data should always be verified over multiple trusted communication channels, such as an email and then a phone call.", "HR stores highly sensitive documents including identification, contracts, and tax forms. Unauthorized disclosure can lead to identity theft and regulatory consequences. Requests to access this data should always be verified over multiple trusted communication channels, such as an email and then a phone call."],
If a request appears internal and routine, document sharing does not require verification.
[116, "If a request appears internal and routine, document sharing does not require verification.", "If a request appears internal and routine, document sharing does not require verification."],
Cybercriminals often mimic internal requests. Just because a request seems routine does not mean it's legitimate.
[117, "Cybercriminals often mimic internal requests. Just because a request seems routine does not mean it's legitimate.", "Cybercriminals often mimic internal requests. Just because a request seems routine does not mean it's legitimate."],
Pressure and emotional manipulation
[118, "Pressure and emotional manipulation ", "Pressure and emotional manipulation "],
HR handles sensitive matters involving pay, disputes, and employment status. Cybercriminals may exploit urgency or sympathy to push fast decisions.
[119, "HR handles sensitive matters involving pay, disputes, and employment status. Cybercriminals may exploit urgency or sympathy to push fast decisions. ", "HR handles sensitive matters involving pay, disputes, and employment status. Cybercriminals may exploit urgency or sympathy to push fast decisions. "],
Urgency and emotional language can be warning signs of social engineering.
[120, "Urgency and emotional language can be warning signs of social engineering.", "Urgency and emotional language can be warning signs of social engineering."],
Cybercriminals create pressure to reduce scrutiny. Sensitive requests should never bypass standard verification processes.
[121, "Cybercriminals create pressure to reduce scrutiny. Sensitive requests should never bypass standard verification processes.", "Cybercriminals create pressure to reduce scrutiny. Sensitive requests should never bypass standard verification processes."],
An individual calls HR and claims they haven't received their pay and insists on an immediate bank update. What should you do?
[122, "An individual calls HR and claims they haven't received their pay and insists on an immediate bank update. What should you do? ", "An individual calls HR and claims they haven't received their pay and insists on an immediate bank update. What should you do? "],
Update the details immediately to help
[123, "Update the details immediately to help", "Update the details immediately to help"],
Verify the request using trusted contact details before taking action
[124, "Verify the request using trusted contact details before taking action", "Verify the request using trusted contact details before taking action"],
Ask them to send more personal information first
[125, "Ask them to send more personal information first", "Ask them to send more personal information first"],
Ignore the message
[126, "Ignore the message", "Ignore the message"],
Verification using known, trusted contact information can help prevent payroll scams.
[127, "Verification using known, trusted contact information can help prevent payroll scams.", "Verification using known, trusted contact information can help prevent payroll scams."],
Impersonation beyond email
[128, "Impersonation beyond email", "Impersonation beyond email"],
HR professionals may be targeted through phone calls or text messages where attackers impersonate employees or executives.
[129, "HR professionals may be targeted through phone calls or text messages where attackers impersonate employees or executives.", "HR professionals may be targeted through phone calls or text messages where attackers impersonate employees or executives."],
You receive a call from an unknown number claiming to be the CEO, requesting sensitive information. What should you do?
[130, "You receive a call from an unknown number claiming to be the CEO, requesting sensitive information. What should you do?", "You receive a call from an unknown number claiming to be the CEO, requesting sensitive information. What should you do?"],
Provide the information because they are senior
[131, "Provide the information because they are senior", "Provide the information because they are senior"],
Confirm their identity through a known and trusted communication channel first
[132, "Confirm their identity through a known and trusted communication channel first", "Confirm their identity through a known and trusted communication channel first"],
Share partial information to reduce risk
[133, "Share partial information to reduce risk", "Share partial information to reduce risk"],
Ask them to send the request by text message
[134, "Ask them to send the request by text message", "Ask them to send the request by text message"],
Authority can be impersonated. Verification through known and trusted communication channels protects sensitive information.
[135, "Authority can be impersonated. Verification through known and trusted communication channels protects sensitive information. ", "Authority can be impersonated. Verification through known and trusted communication channels protects sensitive information. "],
Which is a common red flag in HR-targeted attacks?
[136, "Which is a common red flag in HR-targeted attacks?", "Which is a common red flag in HR-targeted attacks?"],
Urgent requests to change payroll information or share personal data
[137, "Urgent requests to change payroll information or share personal data", "Urgent requests to change payroll information or share personal data"],
Scheduled policy updates on the intranet
[138, "Scheduled policy updates on the intranet", "Scheduled policy updates on the intranet"],
Standard leave approvals in the HR system
[139, "Standard leave approvals in the HR system", "Standard leave approvals in the HR system"],
Routine onboarding tasks within approved platforms
[140, "Routine onboarding tasks within approved platforms", "Routine onboarding tasks within approved platforms"],
Urgent changes involving money or personal data are frequently used in HR-related cyberattacks.
[141, "Urgent changes involving money or personal data are frequently used in HR-related cyberattacks.", "Urgent changes involving money or personal data are frequently used in HR-related cyberattacks."],
Compromised HR accounts create wider risk
[142, "Compromised HR accounts create wider risk", "Compromised HR accounts create wider risk"],
If an HR mailbox is compromised, attackers can send believable phishing messages to employees, requesting credentials, and harvesting sensitive data.
[143, "If an HR mailbox is compromised, attackers can send believable phishing messages to employees, requesting credentials, and harvesting sensitive data.", "If an HR mailbox is compromised, attackers can send believable phishing messages to employees, requesting credentials, and harvesting sensitive data."],
If an HR email account is compromised, the risk is limited to that inbox.
[144, "If an HR email account is compromised, the risk is limited to that inbox.", "If an HR email account is compromised, the risk is limited to that inbox."],
HR accounts are trusted. A compromise can allow attackers to scale phishing and data theft across the workforce.
[145, "HR accounts are trusted. A compromise can allow attackers to scale phishing and data theft across the workforce.", "HR accounts are trusted. A compromise can allow attackers to scale phishing and data theft across the workforce."],
Process protects people
[146, "Process protects people ", "Process protects people "],
Cybersecurity in HR is about protecting employees. Careful verification, secure handling of documents, and disciplined payroll controls mitigate against common cyberattacks.
[147, "Cybersecurity in HR is about protecting employees. Careful verification, secure handling of documents, and disciplined payroll controls mitigate against common cyberattacks.", "Cybersecurity in HR is about protecting employees. Careful verification, secure handling of documents, and disciplined payroll controls mitigate against common cyberattacks."],
[148, "", ""],
Original Text (English)
Correct Translation (English)
Submissions are reviewed and applied within 48 hours.
Color Theme And Background Selector
×
Colorful Theme
Select Theme
Blue Theme
Select Theme
Light Theme
Select Theme
Purple Theme
Select Theme
Green Theme
Select Theme
Dark Theme
Select Theme
Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.
