How HR can mitigate online security threats


As you store and share more and more sensitive company information, including HR records and data, and use more online services, your business becomes more vulnerable to cyber criminals. What can HR do?

Online security is not just the responsibility of Information Technology (IT); it’s a holistic, business-wide issue.

Why HR must be involved 

 
People are often the weakest link when it comes to online security. The organisation's security and privacy safeguards are no better than the people who implement and use them. Be aware that a high percentage of all data loss is caused by human error, both careless and fraudulent: confidential or sensitive information is sent out either to the wrong people or in an unsecured way.
 
This makes it imperative that HR, working in collaboration with IT professionals, takes responsibility for building a security culture, driving real behavioural change and reinforcing positive behaviours. This is no different from any other activity HR carries out to align people with organisational goals.
 
HR must communicate to staff the potential for risks, and be responsible for enforcement and compliance, enabling staff to both understand the risks and embrace disruption safely. 

No matter the size of the business or the industry 

 
Size and industry are irrelevant when it comes to online crime and fraud, and smaller businesses can be easier targets because of stretched IT resources. And if you share information across borders, the risks increase.
 
Cyber attackers vary in target, motive, levels of organisation, and technical capabilities. And the impact of a cyber attack can be extremely harmful: exposure of client details, reputation damage, forensic examination, crisis and PR management, fines and penalties, litigation and other liabilities. The recovery can be costly and lengthy. 

10 steps for HR to mitigate online security threats in the business

  1. Develop, implement and enforce a comprehensive security risk management policy. 
  2. Work with IT to create and implement a breach/incident response plan.
  3. Educate and advise employees about the type of information that’s confidential, and what potential problems can arise if this kind of information gets out.
  4. Share and advocate best practices across the business.
  5. Implement a social media strategy for staff with best practices and enforceable guidelines. 
  6. Build cybersecurity competencies, establish cybersecurity protocols, and make cybersecurity training integral to the on-boarding process.
  7. Ensure that your IT security staff are aware of the new technologies and cyber threats that emerge every day. They should be equipped with the necessary training and upskilling to handle such situations promptly.
  8. Liaise with the IT and legal teams to continuously evaluate the business’s cybersecurity needs.
  9. Anticipate future cyber skills requirements and if the capability can’t be built in-house, hire externally.
  10. Take timely disciplinary action in the event of security breaches.