Thomas Jreige – HR Leader
Cyber Security Expert | Managing Director at Thomas Cyber
How HR can safeguard your digital defences
In this era of rapid digitalisation, cyber security transcends the boundaries of the IT department, extending its influence into every facet of an organisation. Enterprises are waking up to the pivotal role that HR plays in fortifying digital defences.
As custodians of highly sensitive data such as employee records, payroll details, and confidential personal information, HR departments inherently carry a high cyber risk.
This risk is further compounded when organisations hold additional data regarding staff attitudes, mindset, and personal attributes. Cybercriminals are drawn to this valuable treasure trove of information, making HR a hotspot for cyber security threats.
HR is also instrumental in mitigating a principal cyber security risk: human error.
Employees frequently represent the weakest link in security chains, often falling prey to social engineering tactics such as phishing. Research reveals that 88 per cent of data breaches result explicitly from human error, highlighting the urgent need to shift from standard, one-size-fits-all training to more targeted, organisation-specific awareness programs.
A prevalent issue is the absence of tailored, context-specific cyber security awareness training.
A lack of understanding among employees about their role in safeguarding an organisation’s security can lead to disastrous consequences, such as unintentionally granting access to confidential information.
Customised training can address this issue, providing employees with a clear understanding of their obligations and how information security is governed within their specific organisation.
Another significant challenge lies in the collaboration between HR and IT departments.
Despite understanding its importance, organisations frequently fail to establish efficient communication lines between the two.
A critical issue is that while HR functions under strict legislative controls, information and cyber security often do not. This disjointed approach can result in an inconsistent application of cyber security policies, creating exploitable vulnerabilities.
Addressing these challenges requires an incremental, integrated approach to cyber security involving HR, to avoid culture shock and additional workload.
In practice, HR and IT need to collaborate on crafting an organisation-specific cyber security policy. This policy should be accessible, user-friendly, and integrated into the onboarding process.
Regular updates and clear communication of the policy are crucial to keep it relevant and top-of-mind for employees. Cyber security policy must be written in plain, human language and cannot be too rigid or difficult to execute.
HR should schedule regular cyber security awareness training sessions, treating them with the same seriousness as occupational health and safety or other regulatory training.
This will emphasise to employees the gravity of potential online threats and the importance of prevention. These sessions cannot be the current cookie-cutter material on the market. They have to be customised to the organisation’s security program.
Leadership, spearheaded by HR, needs to foster a cyber security culture. Regular, relevant communication and training will help employees perceive cyber security as an integral part of their responsibilities, not an onerous additional task.
HR and IT departments must form a synergistic partnership to ensure the consistent application of cyber security policies. Regular meetings, transparent communication, regular impartial third-party assessments and unified objectives can enhance the effectiveness of this alliance.
Any effective cyber security strategy must encompass HR.
Uniting HR and IT can fortify an organisation’s digital defences, reducing the risk of data breaches. By transforming the human factor from a vulnerability into a strength, we can turn the tide against cyber threats.
By Thomas Jreige, cyber security expert.