Cyber Security is a huge buzz word in corporate America these days, especially with all the data breaches and hacks we’ve witnessed in the recent past from well-known companies many of us interact with on a fairly regular basis. These breaches not only negatively impact customers, they have far-reaching and long-lasting consequences for the companies experiencing the breach. The 2017 Cost of Data Breach Study conducted by IBM Security and Ponemon Institute found that companies in the United States experience the highest organizational costs as a result of data breaches, averaging around $7.35 million.
How does a company get past this huge cost? What role does each department play in getting through the situation? What steps can be taken to protect not only customer information, but also employee information?
If you’re a human resources professional, this should be setting off an alarm in your head. What information do you access on a daily basis that could be compromised? What role do you play? What are you doing to protect this information? How do you work with other parts of your business to protect information?
Here are 6 things every HR pro should know about cyber security and the role they play in protecting company data.
- Much of the data an HR pro works with can often be the information most vulnerable to a cyber-attack. This personal employee information could include personally identifiable information (PII) like social security numbers, bank account information, addresses, and birthdates. Most of the time, this information is stored away in a benefits administration or payroll system, in new hire paperwork filed away on your personal laptop, and even in email. How protected is this data? What precautions have been taken to secure it?
- HR pros tend to overlook that many cyber security threats are a result of a company’s employees. Only around half of data breaches are the result of an external hack or breach, meaning the other half comes from some sort of internal action. Employee error can play a huge role in security breaches. Maybe an employee clicked a malicious link in an email that looked to be from a colleague, fell victim to a phishing attempt, or downloaded malware without any knowledge. Or maybe, as an employee left the company they took along valuable company information in the form of contact lists or confidential presentations. According to the Ponemon Institute’s 2018 Cost of Insider Threats Study, at least 60% of data breaches are carried out by insiders, including current and former employees who take information with them as they leave a job, either maliciously or not.
- HR pros should gain a working understanding of how to protect data. It is imperative that HR pros understand the different ways a hacker may try to gain access to information – phishing, ransomware, bots, Trojans, malware, spyware, etc. And it doesn’t help to just know about these threats; it is important to be able to identify and thwart them. From an internal perspective, HR pros should be offering training to their employees on identifying and reporting these threats.
- HR Pros must play an active and central role in preserving and protecting the security of their company and its data. HR must collaborate with IT (and other departments), and understand that IT cannot be held solely responsible for protecting information and systems. HR could easily work with IT to develop specific systems or encrypted files for storing sensitive data.
- It is crucial that HR participate heavily in developing, implementing, and communicating company-wide security policies and procedures. These processes should be well-documented and included in an employee handbook. They could include topics such as email security, locking computers when leaving a desk, using company devices for personal use, and blocking certain websites or applications. HR must take initiative in training all employees on security protocols – whether they are current employees or new hires – with topics ranging from email safety and accessing and using confidential data, to recognizing threats and malicious activity.
- HR should take responsibility for enforcing security procedures and policies and stressing repercussions for employees who fail to comply. It is not enough to simply create and distribute a policy. HR Pros not only need buy-in from all levels of a company, they also must continually educate, enforce policies, and hold employees accountable for actions.
Whether they’d like to or not, HR professionals have a hand in maintaining a secure workplace, even if that means protecting the company from cyber-threats.
Want to learn more about how you can play a role in protecting your company against cyber breaches? Join our two-part webinar series, Security in the Digital Age: What are Your Responsibilities? In it, we will discuss your role in the fight against cyber-crime, the consequences of neglecting an action plan, and how to get your HR team started with systems for success.
As an employee benefits communications specialist, Kasey collaborates with clients to develop and execute key communication strategies to increase open enrollment, activation and optimal utilization of health care benefits. She also plans and coordinates MJ's client education series, InspireYOU, designed to give our clients a platform to learn, grow and become more successful.