Human Resources Records

2.3 Human Resources (HR) Records

The largest HR or personnel records breach (break in with theft/manipulation of data) in history occurred in 2015 at the United States Office of Personnel Management or OPM for short. The breach involved the theft of 21.5 million US government employee records along with 5.6 million fingerprint records. Keep in mind that these records contain the contents of the SF86 a questionnaire completed when applying for a security clearance and include information not only about the applicant, but also about their extended families and neighbour’s. It is rumoured that the Chinese are using the information from these records to put together a “Facebook” of US government and military personnel that can be used to put pressure against them or co-opt them.

This breach was a classic case of risk versus reward. Enough golden eggs (records) existed in one place with the potential for enough damage that they were highly sought after and justified the expenditure of almost any effort to obtain them.

Access was obtained through a breach of a US Government contractor who had access, and, unfortunately, less security to go through. We the defensive team, the good guys failed to encrypt the records, disperse the records (so they’re not all in one place), and keep non-current records offline. To make matters worse, the intrusion was not detected for a long period of time.

Go back

Use A VPN

A VPN is a virtual protected network, and using one anytime you are browsing online has multiple benefits in regard to your online security. If you are on a public Internet server, such as one at Starbucks, a hotel, or any other public place, there is likely no encryption provided, making any information that you send available to a hacker that would take the time to try to access it. And many, many hackers will take the time to try to access it! A VPN can prevent this scenario because it reroutes all of your Internet browsing through a private server, making it inaccessible to private eyes.

Another benefit of a VPN is that you can access websites without being watched by a third party, such as a government entity. This is possible because you can set your VPN to route all of your Internet browsing through a server in a foreign country. If you are traveling, some countries censor certain websites, especially those that involve any kind of governmental dissent. Using a VPN will allow you to gain full access to all of those websites.

Yet another benefit of using a VPN is that you can protect your VOIP calls, such as those made over Skype or FaceTime. VOIP calls are so easy to access that even a novice hacker can break into them. The thought that someone else is listening in on your private phone calls can be unnerving at best and dangerous at worst, especially if you are sharing any kind of confidential information that you don’t want other people to be privy to.

Another benefit of using a VPN is that when you use a search engine, such as Google or Yahoo!, your searches won’t be recorded. Any time you run a search through a search engine, that search gets saved under your name. For example, if you use Google to perform a search on a device that is authorized to access your Gmail account, anytime you access your Gmail account on a different device, the results of that search will follow you. This is so that you don’t have to re-enter previous searches (it’s meant to be a convenient for you) and so that ads can better target potential customers. However, some of your searches may be a little bit embarrassing. If you search for dating advice and then that search re-appears on your date’s laptop when you use it to access your email, you may be a bit embarrassed! Some scenarios are not embarrassing but actually dangerous, especially if you are in a line of work that requires you to research difficult topics such as war crimes or brothels. Using a VPN will prevent your searches from being recorded.

Perhaps the most important reason to always use a VPN is because privacy is a right that has lately turned into a commodity. Very few people actually experience online privacy because their every move online can be tracked, either by hackers or the government. If you believe that privacy is a right that is worth protecting, then you need to make sure that you are always, ALWAYS using a VPN.

Go back