While cybersecurity should be part of every employee’s job, some roles naturally carry more responsibility—Management and IT are two that certainly come to mind.
At the same time, so many elements of cybersecurity are truly human-centric, making it so important to consider the key role HR plays in keeping everyone safe and sound. The masters of employee matters have a few tricks up their sleeve – so how can business leaders lean on HR to help build an effective cybersecurity program and culture?
HR professionals are confidentiality rock stars, and with good reason: A compromise of private employee tax information, health information, or records is a serious violation—a breach can lead to anything from embarrassment to identity theft or insurance fraud.
HR can take many steps to ensure private information stays private:
- Set and follow protocol for handling requests for confidential information.
- Be aware of potential phishing, vishing, or social engineering schemes.
- Store and share digital and paper files securely.
- Discuss sensitive information with care, both inside and outside of work.
Covering the Company
HR has the unique opportunity to contribute to components of cybersecurity involving the human element:
- Policies and procedures: Working with HR to develop and evaluate your organization’s Technology and Data Use Policy will help to ensure it’s fair, reasonable, and clear. HR can also help spread awareness of what employees should do if they experience a cybersecurity incident.
- Minimizing the insider threat: HR can assist with determining or tracking what information employees need access to in their positions.
- Background checks: If you perform background checks on employees and contractors, it’s a good idea to involve HR to ensure proper procedures and confidentiality. Laws around background checks vary state-to-state, so be sure to consult a legal resource as well.
Since HR is often the guiding light on employee matters, it’s a natural extension of their daily work to weave cybersecurity into the conversation with individual employees:
- Onboarding: New team members may need a little extra training for maximum cyber-success. HR can help employees understand organizational cybersecurity goals and policies.
- Awareness: HR can help to deploy, review, and increase engagement in cybersecurity education. And they often have insight into how it fits in with existing training.
- Remediation: Mistakes happen. In the case of an incident, HR will be involved and can help draw the line between proper disciplinary action and maintaining a culture where employees are encouraged to report incidents.
- Offboarding: Finally, when employees leave the organization, HR and IT should work together to ensure they are offboarded completely and any access to sensitive information is revoked, even if the parting of ways was amicable.
Whether HR is a role taken on by one of the leaders wearing many hats in a smaller company or is a full-time position or department, keep the human error factor in mind: it’s responsible for a majority of today’s breaches and incidents, and it’s something HR and the right culture can help with tremendously.
Your Friends @ Defendify