Cybersecurity is a hot topic. It is a growing problem for businesses across the world, as increasingly, criminals are finding ways to exploit organisations and their staff for financial gain. There is also significant evidence that the pandemic has only worsened the situation, with countries across the world reporting an upward trend in cybercrime.
Whether your business has one person who manages HR, or a whole department, it is important to recognise that they could be vulnerable to cybercrime in a way that other aspects of the business are not. Here we take a look at some of the cybersecurity measures that are most important from an HR perspective.
Work closely with the IT department
It is sometimes thought that cybersecurity is purely the remit of the IT department – however, this is a belief that can only lead to problems. The problem here is the belief that cybersecurity is something that can be something that runs in the background, and takes no active knowledge or work from other members of staff.
Anyone working in HR needs to recognise what they can do to improve cybersecurity measures and keep the company secure. The HR has responsibilities with regards to cybersecurity, whether that comes in ensuring that the company has the right staff and skills, but also in coordinating issues such as staff training.
Cybersecurity needs to be considered a company-wide issue that everyone has a role to play in. It won’t matter how strong your cybersecurity measures are if some members of the team are not following best practice.
Understand recruitment challenges
As cybersecurity is a growing concern, it makes sense that those in HR would be tasked to recruit more people with skills in this area. However, hiring cybersecurity talent can be a little more challenging than you might expect.
It has been well documented that there is a cybersecurity skills gap – and that gap is growing. What this means is that there are more jobs recruiting candidates with cybersecurity skills than there are candidates with those skills. A recent study revealed that 70% of cybersecurity workers believe that their company is affected by the shortage of cybersecurity skills.
It is important to, then, put special emphasis on the recruitment and retention of cybersecurity skills.
Consider the issues around working from home
One major difference to the way businesses operate has come in the form of working from home. Working remotely became a necessity during the pandemic with many companies only being able to operate from home. While there are many benefits that companies have seen from this, it is also the case that it has created challenges in terms of cybersecurity.
Many businesses overlook the protections offered by being in an office environment. For example, the company firewall and other cybersecurity solutions keep staff safe. When they come to work from home, those protections may not be in place, so it is up to individual members of staff to take care of their cybersecurity.
“If you’re a home worker,” advises Juliette Hudson, Senior SOC Analyst at cybersecurity services provider Redscan “security protocols should include locking your workstation whilst away from your desk, preventing other household members from sharing your work devices, and exercising vigilance before clicking and opening unknown links and attachments.”
This is especially important for those working in HR, as they will be dealing with more personal and private information than almost any other department.
Hudson continues: “If you print work documents at home, it’s also worth investing in a paper shredder, which will help to prevent sensitive business data being seen by prying eyes.”
Invest in staff training
HR staff need to be provided with cybersecurity training. Staff need to understand not only the principles of cybersecurity, but also how to avoid falling for phishing emails and other attempts to compromise the business. As we have already mentioned, this is especially important for people in HR as they handle so much sensitive information.
Cybersecurity training should be more than just a single session with the person starting at the business – it should be ongoing.
Cybercrime is no longer something that can be ignored. It affects businesses of all sizes in every industry, and if you do not take it seriously, it can cause you serious financial and reputational damage. The HR department has an important role to play in the cybersecurity of the business, and it is only by putting the right policies and procedures in place that it can do this effectively.