By Asher DeMetz, Sungard Availability Services
Cybercrime was once an elusive concept, reserved for Hollywood blockbusters that played on images of hooded pranksters defacing government websites in dark basements. But in today’s digital age, cybercrime is an all-too-real threat. From local businesses to whole nations, no one is immune to the risk online criminals pose. Companies both big and small are regularly targeted, with one survey showing that 55% of small businesses had experienced a cyber-attack in the past 12 months. And with some reports saying that 90% of all cyber breaches take place because of human error, it’s clear that this has become much more than just an IT issue.
One of the most crucial elements in the prevention of cybercrime is the education of all staff within an organisation. From password strength to the ability to spot a scam email, it’s vital that they’re equipped with the knowledge needed to ensure they don’t become a weak spot in the company’s defence. With this in mind, here’s what you can be doing to protect your company if you work in HR:
Take ownership of cyber security
Ensure staff know that cyber security is much more than just a technical issue, and that it’s you they can come to with any queries. Take ownership of the subject, sending regular email updates and chatting with staff one to one if they have any concerns.
Offer regular training and updates
Both you and your colleagues should be trained in cyber security. That means, understanding which threats are out there, how to prevent them, and how to deal with them when they happen. Organise regular training sessions to make sure you’re all up to date with the latest advancements – whether that’s regarding a cyber threat, or a defence mechanism. This could include hiring in an expert, or putting together training manuals based on material you can find online and running through those yourself. It’s always wise to get professional training at least once a year though.
Drive home the importance of password security
Most people are aware of the importance of creating strong passwords, but whether they put this theory into practice in their place of work is another question. It can be easy to use the same password for everything, or use simple passwords that are easy to remember out of convenience. But it’s vital that the employees of any given company are aware of the potential consequences of being lax with this aspect of cyber security. Take the time to educate staff on how one weak password to lead to a catastrophic attack for the company. Send clear, step-by-step guides that outline how to create a strong password. You could even invest in a password management system that enabled colleagues to use one central password for all of their work accounts, which would significantly reduce the amount of effort required to increase password security.
Manage the risk of insider attacks
Although no employer would like to think so, disgruntled employees can pose as a real threat when it comes to cyber security. Whether they have their own agenda or are approached by a hacker and offered a financial incentive – employees on the inside of a business can cause serious damage due to their potentially unlimited access to the system. One of the most important roles of HR in this scenario is to ensure all staff exits are managed appropriately. Monitor members of staff that have been dismissed, or have left suddenly, and try to make sure relations stay as positive as they can. Employees who take action against their employers are most likely to do so within thirty days of leaving the company, giving you a timeframe to work with when it comes to monitoring their online activity in relation to the company.
The most important thing to remember is that keeping equipment protected is just one small aspect of cyber security – with a huge amount of emphasis now being placed on employees themselves. When you take this human aspect into consideration, it’s clear that HR’s role in the protection of a business’s security is more important than ever.