[ news_security_news ]
HR Application Process May Endanger Companies
David Utter
Staff Writer
2008-01-29
 Security News RSS Feed
It does no good to tell people not to open email from untrusted sources, much less attachments, only to have one department do so all the time.
Typical human resources requests of job applicants include requiring them to send along an application and/or résumé by email as an attachment. They routinely open messages, hopefully on machines with up to date security software, and whatever items have tagged along for the ride.
Security vendor Symantec called HR "a weak link in the security of a company." Though convenient for hiring managers, email isn't the wisest resource to use to recruit staffers.
"This turns out to be a convenient entry point where attackers can gain access to company servers and sensitive information since HR usually stores all employee personal information, including social security numbers and bank account information for direct deposit," said M.K. Low.
By sending targeted malware-bearing email to human resources addresses, an attacker could conceivably tap all the important, sensitive data available to that department. All it takes is one Trojan compromising a machine with the HR user's rights.
To avoid this potential, which Low observed at several international company sites, a business should use a system that has applicants cut and paste a résumé into a web-based application. No email means no emailed threat vector for criminals.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
