Enterprise cybersecurity and the role of HR professionals

Is cybersecurity just an IT concern?

In the digital era, cybersecurity should be a top organizational concern. However, shortcomings in company policies remain a problem, particularly in their implementation in small and medium enterprises (SMEs). Given that 53 percent of cyber incidents came from employees, through either losing company devices or making administrative errors, companies need to step up their efforts. Clearly, IT by itself cannot protect the organization.

Why must HR be involved?

To build a culture of cybersecurity and minimize the attendant risks, HR leaders need to be involved in addressing the weakest link. It is important to make cybersecurity the responsibility of every employee and to ensure awareness of the consequences of not complying with company policies on the matter. In advanced markets, for instance, it is not uncommon for companies to dismiss employees on the grounds of poor cyber practices that could compromise company systems.

What puts HR in such a position of importance for cybersecurity?

What makes the role of HR even more important is that they maintain sensitive employee data, which is highly attractive for hackers. From the point of hiring through the tenure of employees, the HR department receives valuable personal information of different kinds. It is important to ensure that HR technology incorporates adequate protection for this data and that such protection is part of the standard operating procedure for every HR professional, as such information includes dates of birth, addresses with full names, and social security numbers. If just one person chooses to access such information via an unsecured public WiFi network, the consequences could be severe for the company.

How can HR and IT work together on cybersecurity?

Start with an initial meeting. IT teams could explain the current cybersecurity plans, with HR leaders sharing the employee perspectives on security pain points and how the plans could be modified accordingly. Regular meetings could cover the right training methods, emergency response plans with clearly delineated roles and responsibilities in the event of an incident or attack, and key learnings from relevant initiatives.

What particular measures should companies take?

A variety of actions are required, as detailed below:

  • Clarify the responsibility for cybersecurity: It is not feasible or right to put it all on the IT personnel, as they already are tasked with other IT initiatives. Cybersecurity must be treated as a role in itself, and HR professionals must work with IT personnel to understand the skill requirements therein.
  • Fill the skill gap: As discussed above, HR must facilitate a strong security position for the organization by filling the talent gap in cybersecurity. The lack of cybersecurity awareness and the gap in skills are massive concerns for most organizations.
  • Educate employees: This is one of the best ways to manage risks and mitigate cyber threats, and it supports the role of endpoint protection, firewalls, and other IT and HR technologies that keep organizations safe. HR leaders must be involved to ensure the right culture of cybersecurity awareness, education, and training to keep employees and systems in step with dynamic security threats. This will include basic cyber hygiene for every employee to practice as a critical safeguard, including something as seemingly simple as proper password management.
  • Boost awareness: Stay aware of the latest developments in the cyber world to know how cybersecurity protocols must change and evolve so that the newest, most sophisticated threats can be mitigated.
  • Improve training: HR professionals must use creative measures to make cybersecurity training and awareness more interesting, including learning management systems (LMS) and gamification, along with mock testing. For instance, a company often sends a fake phishing link that encourages employees to click and share information, and if they do, they are prompted to be more aware as that could be an actual phishing attempt someday.



Amelia Jackson


Human Resource Professional. Passionate about Human Resources. Writing has always been a passion with strong interest in talent management & HR Industry.