Six Cyber Security Measures Every HR Leader Needs To Consider

The exact remit of HR will vary from organisation to organisation, but one area that’s increasingly on the agenda is cyber security.

Cyber security is as much about people as it is about technology, so HR leaders need to be just as involved in any large-scale cyber initiative as their IT counterparts.

Here are 3 key drivers that explain why cyber is becoming a more pressing subject for HR leaders:

  1. Cyber security has a major impact on the lives of every employee - not only within their professional environment, but also personal lives. As most people will at some point be affected by cybercrime, directly or indirectly. Therefore developing a culture of awareness is key in protecting all round employee welfare.
  2. Awareness cyber security is a company wide issue - there is not a function in the business not affected by cyber threats. Simply siloing the subject within IT only addresses a fraction of the challenge.
  3. The biggest challenge is in changing human behaviour - As Phil Scully explained with the The Cyber Leaders’ Network, “It’s fairly easy to implement a new firewall, but nearly impossible to stop people writing their passwords on post-it notes”. Needless to say, HR needs to play a central role in driving the behavioural changes required within any cyber security initiative.

The Six Steps

There is no blueprint for getting this correct, but the HR departments that have the greatest success with cyber security seem to share the following behaviours:

Communication

It is important for HR to establish effective lines of communication with their IT department – given the overlap in responsibility, it’s easy to either duplicate effort or leave gaps. HR and IT need to agree clear boundaries of responsibility, while collaborating on those challenges that have both a technical and people dimension, as many in cyber security do. 

Training

Providing ongoing training/education is a huge part of cyber security. This is where HR should not assume employees know it already and provide guidance with being able to ask questions.

Culture

In many offices, relaxed attitudes towards security are accepted. People joke about using the same password for every platform and device, and senior staff fail to lead by example. One of the primary aims as the HR function needs to be to develop a self policing culture where complacency is considered unacceptable.

Success

Visibility is key. When people do something well, HR needs to publicly celebrate that. However, if someone makes a mistake it would need to be proactively reported to the appropriate person. With thinking carefully about how to respond, as admonishments may deter others from admitting their future errors.

“Hub and spoke” approach

Every department will need its own policies relating to cyber security, and both IT and HR should be playing active roles in the development of those policies. However, encouraging the department in question to initiate its own ideas. After all, nobody will understand the idiosyncrasies of that department better than the people within it. This “hub and spoke” approach, where there are company wide HR and IT policies standardising certain cyber security practices, alongside more departmentally specific initiatives, will typically result in the greatest overall adoption.

Weak spots

One of the greatest sources of threat is when employees leave the business. In fact, over half of employees leave the job with some sensitive information (usually through carelessness rather than any malign intent). Ensuring the off-boarding process places a major emphasis on cyber security is paramount. Likewise, remote workers represent another vulnerability, and as greater emphasis is now being placed on flexible working conditions this issue is only going to grow. The sooner the organisation establishes robust remote working practices that place cyber security at their core, the better.

Contact us today and see why our cyber security recruitment services are trusted by FTSE 100 companies and UK Government Departments.