This article was produced in partnership with Microsoft Canada.
Cybersecurity isn't only about technology—it's also about the people who use it. And the numbers speak for themselves. More than 80% of cybersecurity incidents happen because of human error, and two-thirds of employees still fail to follow basic security rules.
HR has a vital role to play in ensuring their organizations are protected.
Throughout an employee's journey, starting from day one to their final moments, it's the HR department that monitors and guides them. This crucial role makes HR an indispensable component of an effective security strategy. HR's watchful eye helps to ensure smooth operations and adherence to security protocols, creating a safe environment for everyone involved.
The human element in cybersecurity is causing growing concern. Research firm Gartner even named it as the number one cybersecurity priority for 2023, stating that a human-centric approach is essential to reducing security failures.
As a result of remote work, the scattering of employees and their devices has given hackers a larger surface area to target. This not only makes organizations more susceptible to data theft and loss, but also hampers their ability to train their workforce effectively. As a result, the risk of ransomware attacks (and subsequent damage to a brand's reputation) has reached new heights.
Ransomware, a nasty type of malware that holds critical data or systems hostage until a ransom is paid, continues to be one of the most impactful threats faced by organizations today.
Considering people are a key point of failure when it comes to security, shouldn't HR play a more prominent role in protecting them, and the company's sensitive information?
Organizations often view security as a technology problem, rather than recognizing it as a broad cultural solution, says Kevin Magee, Chief Security Officer for Microsoft Canada. He says this is the root of the problem.
“At Microsoft, we are focusing on changing beliefs and behaviors,” he says. “How can we build a culture that makes it easy to do the right thing, but hard to do the wrong thing?”
Here at Bulletproof, we certainly agree. One of our main objectives in working with clients is to get every department involved in developing solutions, especially HR and finance, because they manage some of the most sensitive information.
Introducing new tools and educating staff on how they help solve a business problem should be part of any cybersecurity engagement. It is a two-way street: IT should learn about the business challenges, and the business leaders should learn about the tools. Empowering HR departments can only help the security effort as a whole. Hopefully, HR can then take a proactive approach and collaborate closely with IT to identify potential threats.
There are a few crucial aspects to consider. Firstly, employee education should be a top priority and not an afterthought. It is essential for employees to have a comprehensive understanding of the tools, risks, and responsibilities related to cybersecurity. This can be achieved by incorporating cybersecurity into annual training programs and implementing ongoing initiatives to keep employees aware of potential risks. For instance, regular test emails can be sent to employees to gauge their response and provide guidance on appropriate actions if they fail to respond correctly.
Addressing the challenge of insider risk is also vital. HR should collaborate closely with the cybersecurity team to identify potential threats arising from dissatisfied employees, those who may have missed out on promotions, or individuals approaching their departure from the organization. Establishing effective communication channels between HR and the cybersecurity team allows for the flagging of high-risk individuals to prevent information theft. Furthermore, HR can benefit from being alerted to risky behavior or language that could indicate a potential security issue. Various tools and technologies are available to empower HR in this regard, enhancing their ability to mitigate insider risks.
It’s not just people management that can reduce cybersecurity risk. HR also holds a responsibility to protect the sensitive information of their staff. Encrypting personal data, implementing restricted access, and disposing of outdated information promptly can significantly reduce the risk of data breaches.
Of course, this involves striking a balance between information security and user convenience. We often observe well-secured personnel files, but due to the difficulty of accessing them, managers resort to keeping unauthorized copies. These additional copies are stored in unknown locations, lack protection, and are not subject to proper lifecycle management.
Another issue is the retention of files for extended periods of time. In the event of a breach, the presence of files on former employees from 25 years ago (which should have been disposed of) amplifies the problem. It's essential to implement proper data retention policies to prevent unnecessary storage of outdated information that poses an increased risk.
In the world of cybersecurity, the focus is shifting from traditional aspects like securing devices and managing access controls to a new frontier: data security. It's all about understanding what you have and taking the necessary steps to protect it. Fortunately, we have tools at our disposal to prevent data from leaving authorized hands, or if it does, to make it less valuable and usable.
To achieve true effectiveness, security efforts must mobilize and empower every individual within an organization. This includes forging a close and continuous partnership with HR. By involving HR as an integral part of the cybersecurity strategy, organizations can foster a culture of security awareness and accountability throughout the entire workforce.
The role of HR goes beyond traditional tasks, as they become instrumental in employee education, promoting security best practices, and fostering a proactive approach to identifying and mitigating risks. By working hand-in-hand with HR, organizations can harness the collective power of their people to strengthen the overall security posture and mitigate potential vulnerabilities. By embracing data security and recognizing the value of HR as a close partner, organizations can create a united front against cyber threats and ensure a robust defense for their valuable assets.
Bulletproof can play a vital role in supporting organizations in their pursuit of effective cybersecurity, including data security and the integration of HR as a crucial partner. Our comprehensive services and solutions are tailored to meet the unique needs of each organization.
If you’re not sure where to start, ask for help. There are security experts available who live and breathe cybersecurity.
Bulletproof can help identify knowledge gaps within your team, and empower your HR department to fight cybercrime.