Cybersecurity is one of the most crucial considerations for any business. Cybercrime is rising at an unprecedented rate, and highly publicized breaches like the Colonial Pipeline ransomware attack have captured the public’s attention. While more companies now comprehend the need for better cybersecurity, few understand how to achieve it.
One of the most common cybersecurity failings is thinking of it as just an IT problem. As an HR professional, it may not be immediately clear how your work impacts security. You may not deal directly with hackers or breaches, but cybersecurity is everybody’s business.
Here’s why HR departments are a critical part of thorough cybersecurity and how they can help.
Developing New Security Policies
After notable attacks like last year’s SolarWinds hack, regulatory bodies will prioritize cybersecurity regulations in the coming years. IT departments will develop new security policies in response, and HR should play a part in this. While IT staff understand the best cybersecurity practices, you’re the resident expert in employee rights and fair policy.
Cybersecurity is often a matter of employee policy, not just software, and HR should participate in any policy change. Stricter cybersecurity defenses frequently involve actions like restricting access controls, changing device policies, or monitoring activity. As an HR professional, you can help balance these regulations with protecting employees’ rights and privacy.
HR workers also have the experience and expertise to draft appropriately worded policies and communicate changes. You understand existing employee behaviors and culture, so you can work with IT to improve them. When IT departments collaborate with HR, they can develop more effective and fair security policies.
Acting as an Intermediary
Another role HR professionals play in cybersecurity is as an intermediary between IT and other employees. IT staff are busy people and likely don’t have time to answer all user questions or concerns about new policies. You can help ensure everyone knows what to do by clarifying policies and providing resources.
User behavior is one of the most critical parts of cybersecurity. For example, phishing, one of the most common types of cybercrime, capitalizes on human curiosity and poor judgment, not technical weak points. IT understands this, but they may not be experts in communicating why or how. It’s HR’s job to help develop effective training and awareness programs for these threats.
Similarly, you can help IT staff understand other employees’ actions and needs. You may have the resources necessary to establish a communication system for workers to report security concerns. As you work, you’ll develop an understanding of employees’ security awareness, which you can communicate to IT to inform their work.
Leading by Example
Most companies today understand that they need to foster a culture of security. Still, more than half of organizations believe the CISO bears the chief responsibility for this culture. Only 6% turn to HR to help develop this company atmosphere, but HR is already in tune with company culture and connected to employees.
HR deals with some of a company’s most sensitive information. As such, you should pay more attention to information security than anyone in the office. This gives you the opportunity to lead by example by embracing new protocols and going above and beyond to ensure robust cybersecurity.
Your actions communicate far more than your words. If you don’t pay much attention to new cybersecurity protocols, other employees won’t see the need to, either. Similarly, if you embody the security culture you’re trying to create, you’ll encourage others to do likewise.
HR Professionals Must Address Cybersecurity
Cybersecurity affects everyone, and a breach can come from anywhere. As such, everyone should take part in ensuring a company is as secure as possible. HR’s unique position within the company culture comes with extra responsibility in this area.
Effective cybersecurity protocols and changes need HR’s involvement. When HR professionals take an active role in cybersecurity, the whole company will become safer.
About the Author
Devin Partida writes about HR and business technologies. Her work has been featured on Entrepreneur and Yahoo! Finance, among other publications. You can view more of Devin’s work on her portfolio page here.