The exact remit of HR will vary from organisation to organisation, but one area that’s increasingly on the agenda is cyber security.
Cyber security is as much about people as it is about technology, so HR leaders need to be just as involved in any large-scale cyber initiative as their IT counterparts.
Here are 3 key drivers that explain why cyber is becoming a more pressing subject for HR leaders:
There is no blueprint for getting this correct, but the HR departments that have the greatest success with cyber security seem to share the following behaviours:
It is important for HR to establish effective lines of communication with their IT department – given the overlap in responsibility, it’s easy to either duplicate effort or leave gaps. HR and IT need to agree clear boundaries of responsibility, while collaborating on those challenges that have both a technical and people dimension, as many in cyber security do.
Providing ongoing training/education is a huge part of cyber security. This is where HR should not assume employees know it already and provide guidance with being able to ask questions.
In many offices, relaxed attitudes towards security are accepted. People joke about using the same password for every platform and device, and senior staff fail to lead by example. One of the primary aims as the HR function needs to be to develop a self policing culture where complacency is considered unacceptable.
Visibility is key. When people do something well, HR needs to publicly celebrate that. However, if someone makes a mistake it would need to be proactively reported to the appropriate person. With thinking carefully about how to respond, as admonishments may deter others from admitting their future errors.
Every department will need its own policies relating to cyber security, and both IT and HR should be playing active roles in the development of those policies. However, encouraging the department in question to initiate its own ideas. After all, nobody will understand the idiosyncrasies of that department better than the people within it. This “hub and spoke” approach, where there are company wide HR and IT policies standardising certain cyber security practices, alongside more departmentally specific initiatives, will typically result in the greatest overall adoption.
One of the greatest sources of threat is when employees leave the business. In fact, over half of employees leave the job with some sensitive information (usually through carelessness rather than any malign intent). Ensuring the off-boarding process places a major emphasis on cyber security is paramount. Likewise, remote workers represent another vulnerability, and as greater emphasis is now being placed on flexible working conditions this issue is only going to grow. The sooner the organisation establishes robust remote working practices that place cyber security at their core, the better.
Contact us today and see why our cyber security recruitment services are trusted by FTSE 100 companies and UK Government Departments.