HR Meets Cyber
Cyber security is not just an IT issue but a people one as well: cyber criminals know people are easier targets than systems [i]. Employees are the frontline that organisations must train, equip and enable to be truly protected from an escalating cyber security threat. However, IT/cyber security managers have often struggled alone to attract the attention and investment from senior executives to do this. HR needs to row in to help in this crucial matter; a joined-up voice at the top table is needed to amplify the message. HR must expand its role elsewhere too.
The large cyber skills shortage means HR needs to completely understand the cyber skills their company requires and how best to recruit these into the organisation. This means avoiding the temptation of “wish list recruitment” and taking a targeted approach underpinned by a sound job design process. New and innovative ways to train cyber and non-cyber employees are also required, as everyone now needs to keep abreast of the latest cyber threats and how to prevent them. The emerging reality here is that a continuous approach to training is required, beyond the annual tick-box training exercises of the past.
Cyber reports say that insider threats are one of the main cyber risks that organisations face [ii]. HR must partner closely with IT/cyber security teams to develop, monitor and maintain clear policies and practices so employees work safely and securely on the company’s IT system. Strong data protection protocols and tools need to be in place to ensure data and IP do not leak. Some suggest HR should have responsibility for identifying internal security risks from employees and should lead cyber investigations when internal incidents happen [iii]. This is a big step up for many HR teams.
Finally, cyber criminals are increasingly targeting HR teams given the access they have to sensitive data, people and payroll amongst other things [iv]. With that, HR teams need to ensure they are fully trained on cyber security and have the necessary protections built into their own systems and processes. Going forward, any chance of organisations protecting themselves from cyber criminals will require HR and IT to work hand in glove from the most senior level down to the frontline.

[i] https://www.kratikal.com/blog/perfect-phishing-attack-a-penetration-testers-perspective/
[ii] https://www.kratikal.com/blog/insider-threat-the-biggest-contributor-to-cyber-attacks/
[iii] https://averynormal.com/cyber-security-should-matter-to-hr-personnel-too/
[iv] https://www.peoplemanagement.co.uk/long-reads/articles/hr-cyber-criminals-latest-target