The key role played by HR in safeguarding an organization’s cybersecurity

Many often make the mistake of assuming that issues concerning cybersecurity fall purely under the purview of the IT department. Whether it’s educating employees on the dangers of phishing to setting up security protocols, it would appear that the HR department has little to do with issues of cybersecurity.

Contrary to popular belief however, the HR department has plenty to do when it comes to cybersecurity. With all of that in mind, we now take a look at the vital role that the HR department plays in safeguarding their organizations from cyber attacks.

 

1. Identifying risks

Most successful cybersecurity breaches come about as a result of either negligence or simple ignorance. While it’s highly unlikely that most employees nowadays would fall for a Nigerian Prince scam, hackers have in the past used a combination of social engineering and fear to successfully launch attacks.

In Malaysia for example, scammers masquerading as police officers, representatives of the income tax department and even court authorities have leveraged on the power of fear to scam more than one victim by calling them on both mobile and office phones.

Hence HR professionals need to ensure that members of their organization are regularly kept up-to-date on the latest developments. In some companies, employees are sent fake phishing emails in which clicking on or responding to said email will produce a prompt informing said employee that they have fallen prey to a fake phishing email.

This approach encourages employees to be aware of suspicious emails and encourages them to report any abnormal activities.

 

2. Investing in the right HRM system

The HR department regularly handles sensitive data such as employee records and payroll information. Such data is highly sought after by telemarketers, scammers, hackers and identity thieves for their own nefarious purposes.

Because of this, business leaders and HR professionals should never underestimate the importance of investing in a solid HRM system. Modern HRM systems such as that by IQDynamics have a myriad of security features in place to protect customer’s data.

For example, web application firewalls or WAFs are specially designed for use on web-based applications which makes it nearly impossible for hackers to gain access thus keeping one’s data safe.

When shopping around for a HRM system, it’s always best to ensure that the service provider abides by all government mandated data privacy regulations. This ensures that contractors have all the necessary measures in place to protect your information.

Ransomware attacks have become particularly common in recent times with GoldenEye virus being one of the most popular examples. To the uninitiated, ransomware is a type of malware that encrypts important files belonging to the victim thus preventing access.

In order to unlock said files, the victim will be forced to pay a sum of money i.e. a ransom to the perpetrator. HR departments are a favourite target of ransomware attacks due to the sensitive nature of the data routinely handled.

 

3. Collaborating with the IT department

Close collaboration between both IT and HR are crucial for maintaining good security hygiene. HR professionals can educate their employees on the basics of data security such as safeguarding identity cards and not visiting suspicious websites that may install malware on company computers.

On a more advanced note, integrating HR with identification systems ensures that employees moving between roles have access to the right type of data whilst removing old access. This is also particularly important during the offboarding process for employees who are leaving.

Whilst it is absolutely terrible to suspect one’s colleagues, a single disgruntled employee looking to settle an old score can wreak havoc on an organization by leaking secrets or stealing information.

 

4. Managing remote employees

The Covid-19 pandemic has forced approximately ⅓ of the world’s population into lockdown with many employers exploring the possibility of remote working. Whilst convenient, telecommuting has its own fair share of risks.

Firstly, an employee’s home internet connection may not be entirely safe which exposes them to the risk of getting hacked or being exposed to malware. 

Hence the HR department should ideally introduce a culture of cybersecurity vigilance for all employees. This inculcates good security hygiene and educates employees of the risk from security breaches.

As an added measure, the IT department can work with HR to conduct monthly security audits in order to identify potentially risky behaviour perpetuated by employees. 

 

While business owners and employees all over the world may be concerned about global events and the ongoing Covid-19 pandemic, cybersecurity and safeguarding company assets should and still always be at the back of everyone’s mind.