The Role of HR in Keeping People and Data Safe (And What is IT Doing?)
I had the opportunity recently to speak to a group of HR professionals with SMAHRA (Southern Minnesota Area HR Association) about cybercrime and the role that they play in cybersecurity for the organizations for whom they work. Cybercrime is not a new topic for these folks, but I believe I was able to guide them into a deeper understanding of why the risk of cyberattack has increased in recent years; who is responsible for cybersecurity; and why it is more important than ever to build up the human layer of defense.
Who is responsible for security?
It's not uncommon for people to have a fuzzy view of who holds the responsibility for security at the company where they work. Is it the IT department or IT support company? Is it management? The fact is that cybersecurity is everyone’s concern. There are several reasons for this, not the least of which is the devastating impact that a cyberattack can have on a company. Another reason is found in the increasing number of tactics that cybercriminals are using to penetrate weak cyber defenses, or skirt around the technical perimeter to get someone to open the door for them. That’s where HR comes in.
Preventing People Surprises
Part of HR’s job is to prevent people surprises; that is, to create and sustain behaviors that have predictable outcomes. For example: hiring the right people and creating a workplace that nurtures retention; implementing training to minimize injury and teach people how to handle certain situations; ensuring that policies are clear and well understood to reduce the risk of conflict or lawsuit. The same concept applies to cybersecurity when you train employees to be aware of the tactics that cybercriminals might use to trick employees into doing something that can have such dire repercussions that the very existence of the organization can be threatened.
At your company, you probably already have some policies and procedures that pertain to cybersecurity. It’s one thing to have these documented; it’s another to be actively enforcing them, and supporting them with ongoing training. Some examples are:
User name and password management
Use of mobile devices
Use of cloud storage and web-based software
Use of the internet on company devices
Controlled access to information
Physical security - locking computers
Off-boarding procedures for terminated employees
How to report possible security incidents
What is IT doing?
IT definitely has its own role to play in creating the technical layers of security that make for a strong defense. What oftentimes happens at some companies is that IT is so consumed by day-to-day issues that they don’t have time for everything, and important things slip through the cracks. Chances are good that when IT is chaotic and mostly reactive in nature, people notice and view IT as being overwhelmed or just unavailable to them. This doesn’t help the company manage risk, let alone maintain a handle on the increasing risk of cybercrime.
A common response to this situation is to add more people to the internal IT department or to get a different IT provider. What really needs to happen, however, is for the IT environment to mature so that it can not only better manage the risk of cybercrime, but bring more value to the business by providing better IT results. The only way that this is going to happen is through the implementation of a different approach to IT.
Better IT Results Can Better Manage Risks
Everyone has a role to play in managing the risk of cybercrime – HR, IT, Management and every employee. If you could improve how you manage risk by improving IT results, wouldn’t you want to do that? What about increasing the revenue you receive per employee? It's possible, because better IT results ultimately grow business value.
The Top 10 IT Results that SMBs Want
Check out the top IT results on our website and see how your current IT situation measures up. https://www.thriveon.net/it-solutions If you are concerned about the results that better IT can bring to the way you manage risk and provide security to people and data, I bet you'll be interested in the other nine results, too.
First published on LinkedIn Pulse https://www.linkedin.com/pulse/people-part-cybersecurity-sam-bloedow