With employees being such a key part of every organisation, it only makes sense that HR departments should be involved in many of the key aspects of everyday business activities. However, until recently, this was not the case when it came to the rapidly increasing risk that cybercrime poses to businesses. It has largely been left to the IT department to ensure that companies remain safe from this risk. This is slowly changing and HR departments are being asked to weigh in on cybersecurity issues.

In this post, we will be examining the role of HR in cybersecurity and looking at the reasons why HR departments need to weigh in on this matter. 

A Convergence of Changes in the Modern Business Landscape

The increased involvement of HR departments in cybersecurity-related matters is largely due to the convergence of several changes in the way business is done in the digital age. Employees today rely more on digital devices than ever before and many businesses are moving from analogue processes to digital processes. This creates a greater attack surface for cybercriminals and elevates the risk of falling victim to cybercrime significantly. Until recently, securing a business against cybercrime did not include the HR department. 

However, research shows that employees pose a significant threat to the cybersecurity of any organisation. This phenomenon is known as insider risk, and the best way to manage this risk is through cooperation between the HR and IT departments in a business.

Data Management and Access Control are Critical

Businesses are built on data and managing this data is critical to the survival and continued growth of any business. Governmental regulation of data has increased significantly in recent years and misuse of personal data by a business or its employees can have severe consequences. That said, employees require access to this, often sensitive, data to do their jobs. 

One of the best ways to minimise the internal risk is to control the level of access that employees have to data. Since the HR department is directly responsible for the management of employees and the tasks that they need to perform, it is only logical that this is also the department that is best positioned to weigh in on the level of data access that specific employees require. By fostering cooperation between the HR and IT departments, it is possible to create strong and effective data access management policies.

Improved Training and Onboarding Processes 

The contribution that HR departments can make to ensuring the cybersecurity of a business begins with the onboarding of new employees. Traditionally the onboarding of new employees is the responsibility of the HR department. By providing new employees with a proper introduction to the company's cybersecurity policies during the onboarding phase, HR departments can foster a sense of communal responsibility for cybersecurity amongst employees. In addition, HR departments can provide regular refresher courses that address developments in cybersecurity policies and reinforce the importance of safe computing practices to employees. 

Creation of a Cybersecurity Aware Culture

Since the HR department is almost always the first and last interaction that employees have with a business or employer, this department is best placed to create and promote a positive cybersecurity culture amongst employees. It is often thought that the responsibility of training employees to use safe computing practices falls squarely on the shoulders of the IT department but the HR department also has a leading role to play. 

Due to the increased contact between the HR department and employees, the HR department is better placed to provide information, training and assistance to employees when it comes to cybersecurity. Through this, the HR department can play a big role in creating an environment in which employees consider the cybersecurity risks associated with the actions they perform daily.

Acting as a Gatekeeper


Considering the potential insider risk that employees pose to a company, employees must be vetted before they are allowed to access sensitive information. Since the HR department is usually engaged in the employment of new employees, HR policies must include the vetting of potential employees as part of general background checks. HR departments can look out for potential indicators of problematic behaviour, such as sharing of confidential information on social networks etc., before considering employing a specific person. It is, of course, important that such checks be executed with the explicit consent of any potential employee. 

Assistance in Risk Assessment 

Most cybersecurity policies include regular and ongoing cyber risk assessments. HR departments can assist in conducting such risk assessments by looking for problems such as misplaced ID cards, unsecured workstations and irresponsible use of company-issued devices. The results of risk assessments are vital to the development of effective cybersecurity policies, and there must be good cooperation between the IT and HR departments to ensure that all potential risks are identified. In addition, HR departments should ensure that their own policies are in line with the organisation's overarching cybersecurity policies; any gaps in this respect can be identified through risk assessments.

In Conclusion

From the above points, it is easy to surmise that HR departments have a very important role to play in organisations. This role clearly also extends to the identification and management of any potential cybersecurity risks as well as the development of effective policies to reduce potential exposure to cybercrimes. Despite this, the involvement and contributions of HR departments towards the management of cybersecurity risks are still seen as inferior to those provided by other departments. To tackle the problem posed by cybercriminals as effectively as possible, this view needs to change. Close cooperation between the various departments in a business gives that business the best protection against cybercrimes.

This article was written by Milica Vojnic of Wisetek. Wisetek are global leaders in IT Asset Disposition, Data Destruction Services & IT Reuse.