Cybersecurity is a pillar of a digitally resilient society.
With demand for technological solutions increasing, and even more so in the last 6-months, in parallel with this comes an increase in cybersecurity risks. In 2018, according to the World Economic Forum’s 2018 Global Risk Report, the top three risks to global stability over the next five years were said to be natural disasters, extreme weather, and cyber-attacks.
This is reflected in the World Economic Forum’s Cyber Information Sharing: Building Collective Security Insight Report, released earlier this month, where they write “Cybersecurity is one of the most systemically important issues facing the world today. In little over a decade, cybersecurity has been transformed from a primarily technical domain centered on securing networks and technology to a major strategic topic of global importance. Cybersecurity is a pillar of a digitally resilient society. It is essential for assuring the integrity of the interconnected business and social processes that sit on top of modern societies’ complex digital ecosystems. Its growing importance as an issue has been tracked by the World Economic Forum Global Risk report and now the potential impact of cyberattacks is consistently ranked as one of the biggest risks facing the global economy today.”
Equally, according to one of the cybersecurity leaders, Kaspersky, 57% of businesses now assume their IT security will become compromised.
So what’s cybersecurity got to do with HR?
Well, security is fundamentally about people.
Similar to our traditional Health and Safety Guidelines, we should be identifying risks to our employees and providing the tools and solutions to prevent these risks from coming to fruition.
As a Forbes article outlines when speaking to issues surrounding cloud security specifically, “when we approach cloud security with a “health and safety” mind-set, it becomes part of what we do as an organization rather than something we see as holding things up.”
Security has also come to the fore for HR more so in recent months with the increase in remote working. This has posed issues that may have not been before, such as remote access to internal systems; the security of individual internet accesses and individual and/or personal devices, as well as the monitoring and ownership implications of this security.
- Extreme Fiction: Reimagining the Unthinkable
- 6 Keys To Buying HR Software Successfully
- Leading an ethical revolution with Airbnb
What steps can we take to have more responsibility of cybersecurity within our organizations?
1. Understand the basics of cybersecurity
Without educating yourself on the risks and implications of having poor security, you won’t be able to create a solutions plan moving forward. So… educate yourself! And that doesn’t mean you have to start learning how to code or write in 1’s and 0’s, but just knowing the basics will get you far. Find out the security history of your own organization. Where have been the pitfalls before and how those were solved will also put you in good stead to understand the loopholes and areas to improve or update.
Collaborate with the incumbent owners of cyber security within your organization, whether this is a CIO, CISO, or someone else. By sharing responsibility with these usually siloed departments and functions, you’ll be bringing the human voice into the conversation and be able to bring perspectives like usability and managing the policies and procedures moving forward on behalf of your employees and leaders.
3. Training, education, and awareness
What is often forgotten in plans and procedures, is that a lot of the responsibility falls with the individual employee. Thus training and education program implementation plans and a communication strategy for improving company-wide awareness are vital for successful cyber resilience. The HR voice can bring this human element that may not have been thought of past the actual tools and solutions for security. Have a clear cybersecurity policy that is accessible and shared with all employees as well as a training plan that everyone must complete (as part of an employee on-boarding plan is a great approach.)
4. Be aware of the ethical and legal privacy implications
Be aware and act upon the ethical and legal implications of security vs. privacy. Whether this is how and where employee data is stored and who has access to this, or if it’s surrounding employee monitoring tools, there have to be considerations of this in your planning and implementation of policies and tools.
5. Employee usability and engagement
It’s no good creating a Fort Knox system if it takes an employee and hour just to log into a system and a million and one passwords to remember. Choose the tools and solutions that have the right ration of resilience vs. ease of use, for the best engagement and adherence from your employees.
6. Have a system in place to identify employees who present a risk to cybersecurity
Also known as “Insider Risk”. A Kaspersky study found that out of 5,000 businesses around the globe, 52% believe they are at risk of cybercrime from within. They discuss that “Staff may make mistakes that put their company’s data or systems at risk – either because they are careless and accidently slip up – or even because they do not have the required training to teach them how to behave appropriately and to protect the business they work for.” Work with your IT colleagues to work out how this can be monitored and mitigated against, whilst still respecting individual’s privacy.
7. Remote working implications
A recent McKinsey piece writes that as a result of the COVID-19 pandemic and the rapid surge for digital capabilities, products and services from a remote workforce, cybersecurity teams were “largely successful in taking on a dual mission of supporting business continuity and protecting the enterprise and its customers.” But, they do suggest that those responsible for cyber security will need to anticipate and be prepared enough for “how their workforce, customers, supply chain, channel partners, and sector peers will work together – so that they may appropriately engage and embed security by design. The context of changing customer and employee behavior and a constantly shifting threat landscape must also be considered.”