In all of our digital interactions today, whether we are filling out a form, shopping online, or sharing our contact information with our employer, we have to give up data in some form. But what happens to that data once it's in circulation? And how can we make sure it stays secure?
Ideally, companies only use our data when we ask them to. They also strive to protect it as best they can to comply with privacy regulations and standards and ensure they are using it lawfully. But sometimes that data gets hacked. (Every 39 seconds, according to the University of Maryland.)
No company can really afford to process and store data without proper safeguards – not when a single data breach can easily result in a terrible loss of credibility and business. So, with cyberattacks on the rise, it's time for HR departments to step up and start paying attention to corporate cybersecurity, too.
Defining Corporate Cybersecurity
The role of cybersecurity is to protect networks, systems, and sensitive data from cyberattacks designed to access and alter said data, extort money, and disrupt normal business operations. These attacks typically look like data breaches, computer viruses, or Denial-of-Service attacks, and can wreak havoc on a business. That’s where corporate cybersecurity comes in.
Corporate cybersecurity refers to protecting companies' data, programs, computers and networks from unauthorized access and exploitation. Cybersecurity professionals create a protective sphere that prevents hackers from obtaining sensitive information from the system – because, when the victim is a business, it's not just reputation that's at stake. A lawsuit against the company can quickly follow.
What Is the Role of HR in Cybersecurity?
HR is increasingly being asked to determine employee data permissions, train on cybersecurity policies and procedures, and respond to cyber incidents involving employees. This is due to more stringent regulations, increased use of technology, and recognition of the importance of a strong cybersecurity culture within the organization – making HR busier than ever, and an integral part of cyber risk management.
It is predicted that HR will play an even greater role in corporate cybersecurity management in the coming years. It has never been more important to take preventative cybersecurity measures such as implementing secure hiring, onboarding and training practices to minimize the risk of a breach, and a mix of transparency, accountability and the right tools could make HR and cybersecurity a winning team.
The Most Common HR Cybersecurity Issues
Let's take a look at some of the most common data security issues facing HR departments:
Any vulnerability related to passwords, authentication, or access control poses a significant business risk to an organization. Unencrypted devices such as the phones, tablets and laptops of HR employees are also vulnerable. In fact, mobile devices are a prime target for hacker attacks.
Fortunately, with the rise of hybrid working, many organizations today are implementing security measures for mobile devices used by employees to do their jobs, such as multi-factor authentication (MFA) and remote wipe. (MFA requires multiple proofs of identity before accessing a network, while remote wipe technology allows network administrators to erase stored data if a device is lost or stolen.)
Spear phishing attacks involve sending emails from supposedly known or trusted senders for nefarious purposes. The hackers send very convincing emails that trick employees into divulging sensitive data or lead them to a fake authentication portal to steal their credentials. HR needs to make employees aware of phishing, and HR staff also need to be careful themselves, because HR is a very attractive target for phishers.
HR teams are responsible for many tasks that involve very sensitive data related to hiring, onboarding, and payroll, and that's exactly what phishers are targeting. In most cases, the phishing emails sent to HR appear to come from a senior executive and ask for a bank transfer or payroll update.
We are becoming more and more accustomed to communicating with our technology. As machines begin to respond to our commands, companies are recognizing the value of chatbots and implementing them into their networks, resulting in a more efficient and user-friendly customer experience across many platforms. However, they also pose security risks.
Employee impersonation, phishing, malware, ransomware, and bot repurposing are all threats that can lead to data theft and alteration. No wonder HR departments that use chatbots for recruiting, automating performance processes and interacting with employees are urged to be very cautious. We urge the same!
Last, but Not Least…
Employee inattention may not immediately be seen as the biggest threat, but 60% of IT professionals responding to a SecureData survey see it as the biggest security problem for their organizations. That puts it ahead of data theft (13%), external malware (10%) and technology failure (7%). In terms of the type of employees most at risk, members of operations teams top the list, followed by finance staff.
Corporate Cybersecurity in the World of Hybrid and Remote Work
The transition to hybrid and remote work has resulted in many challenges, one of the biggest being maintaining security in remote or hybrid work environments. This is especially true given that, according to IBM, costs tend to be $1.07 million higher for breaches where remote work is a factor in the breach, compared to breaches where remote work isn't a factor.
With remote workers accessing and interacting with corporate data from different locations through different devices and gateways, the number of potential attack points for cybersecurity breaches has increased significantly. Luckily, though, we are also coming up with solutions! Systems integrations make it easier to maintain cybersecurity for teams working together in hybrid or remote mode, for example.
How HR Teams Can Support the Culture of Cybersecurity in the Hybrid Workplace
HR can play a critical role in protecting sensitive information and minimizing employer liability. Let's take a look at what it can do:
Cultivate a Cybersecurity Culture
Because employees are typically the primary source of security incidents, employee engagement is critical to preventing data breaches. Cybersecurity in an organization starts with everyone being properly informed and participating. Employees must know how to identify threats, and should feel confident reporting incidents to HR. They can't protect themselves if they don't know the threats and how to respond (e.g. how to recognize phishing attacks, create strong passwords, physically protect their devices, and more).
The HR department is usually the first and most important point of contact for employees. This gives it a unique opportunity to establish and reinforce company-specific cultural norms and build a cybersecurity culture. Training is one of the most obvious ways to attract cybersecurity talent and should be supported by both the cybersecurity department and HR.
Training resources should include guidance on recognizing common security scenarios, establishing clear procedures for responding to them, a detailed briefing on home office software, and a demonstration of how it is used to secure and handle sensitive data.
HR Compliance Training
GDPR has triggered a domino effect. Many have used it as a model to begin implementing their own data protection regulations, and now 69% of the world's countries have enacted data protection and privacy legislation. Between January 2021 and January 2022, nearly €1.1 billion in fines were imposed for violations of the GDPR – an annual increase of 594%.
Having robust data privacy policies and practices can help avoid such costly lawsuits, so organizations are making HR a driver of cybersecurity risk management alongside IT. This is good news, considering that 61% of IT professionals feel their departments are now understaffed in the face of increasingly sophisticated approaches to cybersecurity.
Why It’s a Good Idea for HR and Security Departments to Team Up
A strong partnership between HR and IT is essential to manage risk in today's technology-enabled hybrid work environment. Determining internal accountability for errors and misconduct is typically the responsibility of IT. However, because of its role in monitoring employee compliance with corporate policies, HR is in the best position to assist when it comes to misconduct or data handling errors.
By making cybersecurity a shared responsibility between HR and IT, you can also develop a more human-centric approach to data protection that combines the strict controls of technology with the softer touch of direct human interaction. The first step, therefore, would be for the two to agree on how their respective cybersecurity roles overlap in setting and enforcing data protection policies to facilitate each other's work.