A number of cybersecurity issues emerge due to the actions of company employees, but human resource managers and professionals can be on guard against these threats by understanding the role of cybersecurity.
Employees are often the weakest link when it comes to cybersecurity, but HR professionals can help guard against some of those vulnerabilities.
Cybersecurity is becoming a bigger concern for every part of a business, including human resources. It makes sense for HR teams to be involved in preventing cyber-attacks because they are often the gatekeepers of the personal information that hackers so often go after.
In his article on Workforce, Andie Burjek calls HR and IT the “dynamic duo in fighting Cybersecurity risks.” Here’s why:
Together, the information technology and human resources departments make a smart team for fighting these risks because most cybersecurity threats come from inside the company.
This is especially concerning because of the great financial effect a security breach can have on a company. For example, there was a 64 percent increase in security breaches from 2014 to 2015, according to the U.S. Department of Homeland Security, and the average breach costs a business $3.8 million, according to a 2015 Ponemon Institute study.
So, what should every HR worker know about cybersecurity?
HR professionals need to realize that they work with some of the most vulnerable data in an organization.
This is information about employees that could personally identify them if stolen, such as Social Security numbers, dates of birth, banking information, and addresses. Much of this information will be stored in the company’s payroll system, which hackers can especially target. HR workers need to ensure that no personally identifiable information is stored in a way that is accessible to the public, including in hard copy or on unauthorized laptops or other electronic devices.
HR professionals need to understand that their most likely cyber-attacks will come from current employees.
These attacks are mostly caused by human error and ignorance: an employee clicking on a malicious link in an email on the company’s network, providing login details to a service or company outside the company’s network, or downloading malware onto a company computer. Sometimes, however, the cyber-attack can come from a disgruntled employee searching for a way to harm the company or another co-worker. According to the Ponemon Institute’s 2018 Cost of Insider Threats Study, at least 60 percent of data breaches are carried out by insiders, including current and former employees who take information with them as they leave a job, either maliciously or not.
HR professionals need to know how to actively protect the data that comes their way.
Kasey Stevens writes in an article for MJ Insurance, “It is imperative that HR pros understand the different ways a hacker may try to gain access to information – phishing, ransomware, bots, Trojans, malware, spyware, etc. And it doesn’t help to just know about these threats; it is important to be able to identify and thwart them. From an internal perspective, HR pros should be offering training to their employees on identifying and reporting these threats.”
HR professionals need to be a part of cybersecurity efforts within the company.
Cybersecurity shouldn’t just be under the purview of the IT team. Breaches rarely occur within the domain of those who specialize in information technology; the weak link is usually elsewhere. While the IT department should be on hand to aid other departments in shoring up cyber defenses, every department, including HR, should be on hand to discuss ways to prevent breaches and defend against attacks.
HR should be heavily involved in crafting and enforcing company-wide security policies.
Simple things like password security, logging out of a computer when finished using it, only using company devices for company purposes, and not accessing external internet networks from inside the company’s private network can go a long way. It is the HR department’s responsibility to communicate these rules to employees and facilitate their training in company security policy if necessary, so they should be involved in creating these policies from the start. HR should not be afraid to hold employees accountable for following established policy and revoke the privileges of those who do not abide by those policies.
Whether they realize it or not, HR professionals play a large role in helping to maintain a secure workplace.