Cybercrime is an increasing concern in our digitally reliant world. For businesses, any breach can cause significant disruption to productivity and safety. Indeed, one recent report found that each cyberattack costs businesses $200,000 on average. While bigger corporations may be able to weather this, small companies almost certainly can’t.
As such, all companies need to commit to a more thorough and agile approach to security. It can’t just be an afterthought, handled by adding a few antivirus programs. As this bolstering must occur throughout the business, it is only sensible to involve professionals who interact with the business on all levels.
We’re going to take a look at the growing role of HR in cybersecurity. How are these professionals helping to keep companies secure?
One of HR’s most important duties is identifying the right contributors to the business. This doesn’t just apply to technical qualifications and personalities, however. An increasingly vital aspect of the recruitment and hiring process is making certain that companies minimize the cybersecurity risk posed by inappropriate new hires.
At the most basic level, this relies on employee screening. It’s important to make sure those with criminal convictions aren’t unfairly discriminated against. In most cases, the mere presence of a criminal record shouldn’t exclude candidates from work. Nevertheless, it’s important to be aware of cybercrime-related convictions in relation to positions in which workers have significant access to consumer data or company networks.
Beyond this, it’s also vital to establish candidates’ understanding of risks related to their behavior. HR departments are increasingly including security-related questions as part of the interview process. This not only helps establish candidates’ attitudes toward such issues but also highlights the training that needs to be provided if a candidate were to be hired.
Knowledge is one of the most powerful tools any business has against the risk of cybercrime. As such, it has become a significant part of HR’s responsibilities to make certain there are solid cybersecurity training protocols in place. HR professionals will work alongside the information technology (IT) department to establish what measures and scenarios should form part of training.
Some of these will be more generalized forms of security training relevant to all staff. For instance, phishing is a cybersecurity threat to anybody with an e-mail account or a cellphone. It takes the form of deceiving recipients into sharing sensitive or secure information that can then be abused. As such, all staff should be provided with knowledge of how to spot such scams and what their behavior should be if they recognize them. Other training will be more specific to employees’ positions and the types of access they have. For instance, industrial espionage breaches may be largely directed at those with wider network privileges.
Another important aspect of HR’s role here is to design and schedule regular cybersecurity training updates. These include refreshers on information previously provided to reiterate the importance of responsible behavior. But threats also change. As such, HR also tends to arrange training related to fresh risks and new technology.
Open access to company networks is rarely a good idea. This isn’t just because it provides all staff with data they neither need nor will find useful. Most importantly, it’s because it makes your company more vulnerable to breaches and other forms of cybersecurity disruption. The fewer permissions you provide to staff, the narrower the scope for damage. As such, it often falls to HR to identify and manage the need to change data access among staff members.
This involves liaising with both IT professionals and relevant department heads to establish the minimum level of access for each role to be effective, productive, and innovative. When staff members progress through the business, HR usually arranges for IT to change workers’ network permissions accordingly. Importantly, HR also has a responsibility for checking that permissions have been removed in the event staff members quit, are fired, or move to other roles.
Alongside internal restrictions, there will be times when visitors to the organization require access to the networks. These may be contractors or project partners who are temporarily active within the organization. HR tends to be responsible for arranging this. Putting strong visitor management protocols in place, including welcome and sign-in procedures, reduces risks and ensures a positive relationship from the experience. HR should also arrange limited access to physical and digital points of the business. Indeed, using tracking protocols to gather data on this can help HR recognize areas of vulnerability and make adjustments in the future.
HR professionals interact meaningfully with all aspects of an organization. Therefore, it’s only sensible to involve this department in maintaining and strengthening widespread cybersecurity protocols. This includes designing secure hiring methods and creating relevant training modules. HR’s connection to the fine points of each role within the business also makes it well placed to enforce network access procedures. However, to be effective, it’s important HR representatives collaborate with IT professionals and department heads to gain solid insights into operations.
Katie Brenneman is a Guest Contributor at HR Daily Advisor.