The Critical Role of HR in Strengthening Organisational Cybersecurity

August 22, 2024

In today’s interconnected digital world, cybersecurity has transcended its traditional role as solely an IT responsibility. As we redefine the role of HR as Business Partner to the organisation, HR departments are now at the forefront of an organisation’s defense against cyber threats, recognising their pivotal role in safeguarding sensitive data and fostering a security-conscious culture.

By weaving cybersecurity principles into core HR functions, companies can build a formidable shield against potential breaches while simultaneously cultivating an environment where every employee becomes a vital link in the security chain.

This article focuses on how Human Resources can proactively play an important role by working synergistically with the Information Technology function, paving the way for a sustainable and thriving organisation.

Cybersecurity: A key component of employee onboarding and training

One of the most impactful ways HR can contribute to cybersecurity is by incorporating it into the employee lifecycle, starting with onboarding. A comprehensive cybersecurity orientation for new hires sets the tone for a security-conscious work environment. This initial training should include an introduction to the company’s cybersecurity policies, often presented in welcome packets, and require new employees to sign the company policy document.

However, cybersecurity education doesn’t stop at onboarding. Ongoing training is essential to keep employees updated on the latest threats and best practices. HR departments are implementing regular, mandatory cybersecurity awareness training using diverse methods such as e-learning modules, workshops, and simulations.

These programs are often tailored to specific departments and roles, ensuring relevance and engagement. To test the effectiveness of these training initiatives, many organisations conduct phishing simulations. These controlled exercises help identify areas where employees may need additional education and reinforce the importance of vigilance in daily operations.

A prime example of innovative cybersecurity training is IBM’s “Cyber Aware” program. This initiative uses gamified learning modules and simulated phishing attacks to keep employees engaged and alert. By making cybersecurity training interactive and even fun, IBM has seen significant improvements in employee awareness and response to potential threats.

Building a culture of cybersecurity

Beyond formal training, HR plays a pivotal role in fostering a culture of cybersecurity within the organisation. This can be achieved through various initiatives:

1. Awareness campaigns: Organising cybersecurity awareness months or weeks can help keep security top-of-mind for employees. Regular internal communications sharing security tips and updates reinforce the importance of cybersecurity in daily operations.

Practical application: Interns and entry-level employees: IT proactively ensures that all setup and onboarding for interns and entry-level employees is done robustly, ensuring full adherence throughout their period of work.

2. Cybersecurity champions: Creating a network of cybersecurity champions across different departments can help disseminate information and best practices more effectively.

Practical application: One major FMCG company has developed non-IT people into the cybersecurity domain to bring in the user perspective, enhancing both knowledge and application.

3. Recognition programs: Implementing rewards for reporting security incidents or vulnerabilities encourages proactive behavior. Recognising employees who consistently demonstrate good security practices can motivate others to follow suit.

Practical application: An American FMCG company runs a yearly drill to test its cybersecurity incident management process and certifies non-IT leaders on their knowledge of the process, its application and its updates.

Another excellent example of building a security-focused culture is a major IT company that holds an annual internal conference to promote security awareness and recognise employee contributions to cybersecurity. Such events not only educate but also celebrate the collective effort in maintaining a secure work environment.

Integrating cybersecurity into HR policies and practices

HR’s influence extends to policy development and enforcement, which are critical components of a strong cybersecurity strategy. Collaborating with IT, Legal, and Management, HR can create comprehensive policies covering areas like data protection, device usage, social media, and remote work.

Clear communication of these policies through multiple channels and making them easily accessible (e.g., on the company intranet) ensures that all employees are aware of their responsibilities.

Equally important is the establishment of clear consequences for policy violations and the implementation of a fair and consistent disciplinary process. HR also plays a crucial role in managing access to sensitive data. Implementing role-based access control (RBAC) for HR systems, regularly reviewing and updating access permissions, and ensuring proper offboarding procedures to revoke access are all essential practices.

Additionally, encrypting sensitive employee data, implementing multi-factor authentication for HR systems, and conducting regular audits of data access logs help maintain data integrity and confidentiality.

Other areas worth exploring in more detail include applying the CIA triad in HR policy, identity and access management with role profiling protocols for each role, and robust employee offboarding, especially its IT security protocols.

HR as a Cybersecurity Partner

As cyber threats continue to evolve, the role of HR in cybersecurity will only grow in importance. By integrating security awareness into every aspect of the employee experience – from hiring and onboarding to ongoing training and performance reviews – HR departments can significantly enhance an organisation’s overall security posture.

The key to success lies in viewing cybersecurity not as a separate function, but as an integral part of HR’s role in protecting the organisation’s most valuable asset – its people and their data.

Through collaboration with IT, proactive policy development, and a commitment to fostering a security-conscious culture, HR can be a powerful ally in the fight against cyber threats, ensuring a safer and more secure workplace for all.

Author
Varatha Rajan

Independent Business Transformation Consultant
