The Role of HR Mitigating Cyber Security Threats
While technology has made workers’ lives easier, it has also opened the door to a number of threats in terms of hacking and data theft. Cyber security breaches are costly and destructive for all organizations, big and small. According to statistics from Heimdal Security, cyber crime costs the global economy a staggering $100 billion every year.
Another troubling statistic is the finding that nearly 60 percent of fired employees steal important corporate data after departing their position. Furthermore, malicious intent aside, an IBM study found that well over 20 percent of breaches at work can be attributed to careless employee mistakes. The findings from both studies highlight the fact that organizations need to be vigilant of not only external cyber threats, but also the potential for trouble within their own ranks.
The Role of Human Resources
Given that a number of cyber security problems emerge due to the actions of an organization’s own workforce, human resources teams, alongside information technology professionals, can play a crucial role in the fight against cyber crime at the office. This is especially true because the data that HR professionals work with is often the most vulnerable to attack. As the Society for Human Resource Management outlined, HR records contain highly sensitive and private information: Think social security numbers, dates of birth, bank detail and home addresses, to name just a few. Due to this fact, it’s absolutely imperative that HR professionals not only have a comprehensive understanding of how to protect data within their own department, but also the company as a whole.
Recognizing Threats
Before developing a preventative strategy, it’s important for HR teams to be able to recognize potential cyber security threats. A majority of companies will have sophisticated software systems in place to help curtail the risk of a cyber attack from an external source, such as a virus. Consequently, some of the biggest cyber threats that companies face are from groups of hackers that purposely target a company through a process known as “phishing,” SHRM explained. The scamming technique can take an array of forms, but typically involves an impersonator that tricks an employee to surrender valuable information, usually via email: Hackers are able to imitate emails from seemingly trustworthy sources, which employees will then open while at work. The emails can carry malicious malware that hackers can then use to access sensitive data.
Alongside “phishing,” other common threats include careless mistakes from employees, such as emailing or losing valuable data, logging onto insecure internet networks while out of the office, and conscious malicious attacks from employees or former employees.
Tips for Prevention
Although the threats are troubling, there are a number of ways that HR executives can play an active role in the fight against cyber crime.
- HR teams can help IT develop and disseminate security procedure guidelines, SHRM argued.
- Training all HR staff and employees on cyber security protocols is probably the most effective role that HR executives can play. This is especially imperative for new employees just joining the company. Cyber security training should be a central component of any on-boarding process, with new employees schooled in issues pertaining to accessing and using confidential data, alongside basic security training. There should also be a focus on email security and learning to spot signs of potentially malicious activity.
- HR teams should ensure that new employees have not brought any sensitive data or information with them from their previous place of employment.
- It’s necessary for HR teams to close the online accounts of any former employees as soon as possible. This is significant because, as the statistics from Heimdal Security noted, well over half of former employees have stolen confidential company data upon departing a position.
- HR teams must also be responsible for stressing the disciplinary repercussions for employees that do not comply with security guidelines.
While the threat of a cyber security attack can never be completely eliminated, the above information demonstrates that the risk can be curtailed through effective employee management.