Three Ways HR Can Serve as Cybersecurity Defenders

Image of computer circuit boards symbolizing cybersecurity

HR Question:

Why should cybersecurity be a priority for HR professionals? Isn’t that IT’s job?

HR Answer:

Hackers look for more than just passwords and bank information. They can hold personal information hostage like social security numbers, share private health information, or share the results of someone’s less-than-satisfactory performance review with the public.

Human error is often one of the key weaknesses that hackers and cybersecurity criminals will try to exploit in their assaults. As HR professionals and business leaders, it’s up to you to build in defenses amongst your team members to protect the business and the sensitive information it has on your employees.

Implement a Clear Cybersecurity Policy

One of the first lines of defense that HR professionals can put in place is a strong cybersecurity policy. Policies that cover topics such as information sharing and the appropriate use of social media, remote devices, wi-fi, and VPNs can help educate your team members on safe technology practices and put definable consequences (beyond the potential danger of information exposure and distribution) around the misuse of company technology and information.

By partnering with your organization’s IT department, HR can include policies that support employee privacy and the company’s security, such as regularly updating passwords, guidelines to follow in the case of suspected security breaches, reporting procedures, and more.

Foster a Cybersecurity Savvy Culture

You know the phrase, “you have to walk the walk to talk the talk”? Or better yet – “leading by example.” The same concepts apply to how your HR department approaches cybersecurity when fostering your company culture. Without HR putting the same emphasis and care behind IT policies and priorities, these goals may fall flat before reaching the finish line.

As such, there are four ways to help encourage your employees to be aware of potential security risks:

  • Check phishing reports quarterly to see what’s trending and what’s changing with how the common scams operate.
  • Always be sure to double- and triple-check who’s asking you for information. Attackers are becoming more and more intuitive in how they reach out to you. It doesn’t matter whether it’s your mother, your boss, or your best friend who emailed you, check where the email came from and be certain before you respond.
  • Ensure that common behaviors, such as reusing passwords or using unprotected wi-fi networks, aren’t encouraged, practiced, or overlooked.
  • Never let your guard down. This is probably one of the most important things to remember. It’s not easy to do, but phishing is only a problem if it succeeds. And phishing will succeed. We’re all human and we will make mistakes. It’s these mistakes that attackers capitalize on.

Remember these four rules, and you’ll be much safer and prepared to deal with any phishing scams that come your way.

Include Cybersecurity in Regular HR Audits

As a part of your HR audits, which should be conducted on a regular basis, it’s important to include cybersecurity features in your regular process. Double-checking things such as password security, ensuring all software is updated, and making sure that policies are up-to-date based on popular apps and technology trends can help to keep your company’s and your employees’ information safe and secure.

Special thanks to Samantha Kelly for contributing to this edition of our HR Question of the Week. 

Visit our colleagues at Clark Schaefer Hackett to learn how they can support your cybersecurity needs, or check out our Health, Safety, and Security page to see how we can help develop processes, procedures, and programs to protect your team.