HR’s Role in Data Security

Why does HR need to care about cybersecurity?

Cybersecurity and data security practices are now a workplace culture issue. Why is that? Because most cybersecurity threats come from employee actions. In the Dell End-User Security Survey, the results showed that many employees are likely to share confidential information without following the protocols set in place. 49% of the employees in the survey admitted that they use their personal email accounts for work.

IT and HR can work together to mitigate these security risks by creating risk awareness and risk intelligence for everyone in your organization. Many of the employees in the Dell survey supported protecting information but didn’t feel empowered. Not only does that put the organization’s financial security at risk, but not following procedures becomes part of the company’s culture. It is important to develop employee training programs and communications to help everyone (employees, management, and leadership) identify and understand the risks. One avenue we’ve taken at Archbright is to have a bi-weekly newsletter sent to all staff, detailing any new security risks and tips and tricks to make employees’ lives a little easier while they interface with technology.

Cybersecurity training should be a central component of any onboarding process, with new employees given basic security training and shown how to properly access and use confidential data. There should also be a focus on email security and learning to spot signs of potentially malicious activity, such as phishing and spear-phishing. Employees are the frontline of ensuring our IT systems and resources are secure, and holding employees accountable for following established security policies and procedures is critical to maintaining secure systems. Additionally, HR should pay close attention to recovering sensitive information and closing the online accounts of any former employees as soon as possible.

One practice Archbright recently implemented was requiring two-factor authentication when accessing any of Archbright’s systems. This is just one way to stop threat actors, but it requires training to be used effectively.

Otherwise, users may inadvertently provide access to unauthorized individuals regardless of the security tools implemented. Our IT department was able to transition all employees over the course of a couple of weeks and held several mandatory trainings via Lunch and Learns and departmental meetings to ensure that all employees felt comfortable with the use of the application and how it’s applied within the organization. These sessions were recorded (as are all of our Lunch and Learns) for any employees who were not available to attend.

Decrease your risk by focusing on your people, processes, and technology. While the threat of a cybersecurity attack can never be completely eliminated, building a cybersecurity culture with established security procedures, employee training, and awareness can help keep your company safer.

Source: Joy Sturgis, SPHR, SHRM-SCP, Content Manager at Archbright and Colin Lyons, Director of IT/BI/PMO at Archbright

Joy Sturgis, SPHR, SHRM-SCP

Joy has more than 15 years of managerial and director-level human resources experience in both manufacturing and service organizations. As an Archbright Content Manager, her responsibilities include creating and reviewing HR and legal content for all aspects of federal and Washington, Oregon and Idaho state employment law. She also supports our members with a variety of HR functions including HR advice and counsel, handbook and policy review, and employee development training. During her HR career, she has been responsible for leading HR strategies and functions for Washington companies as well as multi-state Business Units. Joy has a Bachelor of Science in Business Administration from Villanova University and an MBA from University of Phoenix.