Human resources information is some of the most sensitive and critical data on many company networks, and HR staff must work with their organization's IT and security professionals to ensure valuable employee data isn't compromised.
Employee data is susceptible to attack and exploitation via various means, including social engineering, also known as phishing or smishing; malware; missing software updates, which can lead to hackers gaining remote access to a system; and web -- especially ERP – vulnerabilities, including password compromise and SQL injection. HR's fresh perspective and their already-frequent communication with employees can benefit company security.
Here are some of the top reasons why HR professionals have an important role to play in preventing cyber attacks.
HR manages sensitive information
Many IT and security initiatives focus on customer information and intellectual property, with HR records often taking a backseat. However, hackers can exploit employee records, salary details and internal corporate procedures.
HR employees may forget they have sensitive records on their personal devices or fail to follow best procedures for storing and protecting this data.
HR must work with their company's IT and security professionals to ensure HR staff are properly protecting sensitive company information.
HR communicates company policies
HR staff members often work with legal counsel on security policies, including the creation, maintenance and enforcement of acceptable usage policies.
Since HR staff communicates frequently with employees, they are well positioned to share information about security and privacy expectations and often already work to keep security topics top-of-mind for employees. For example, some HR departments host dedicated training initiatives, while others rely on newsletters and videos.
HR helps with compliance
As with security policy work, HR professionals are often a valuable part of compliance-related initiatives because certain aspects of state, federal and international privacy and security compliance regulations require HR expertise. This is particularly true for larger organizations that have office locations or employees in multiple countries.
HR may work on the creation of processes including user onboarding and offboarding, security awareness and training, and the steps for incident response once a crisis occurs.
HR brings a new perspective
Some HR professionals already serve on their IT and security governance committee, as it's only natural that HR should help get the word out on security and assist with policy creation and administration when needed.
HR staff who contribute to these committees should be unafraid to bring new ideas to the table. Their perspective can help IT and security professionals maximize business resilience while minimizing business risks.
5 questions HR and IT should ask to help prevent cyber attacks
When working together, HR staff and IT and security professionals should consider the following questions to help ensure HR is contributing to the prevention of cyber attacks:
- What is HR's current role in improving security for the organization and how can the organization improve it?
- What HR-related information assets exist across the enterprise on both the local network and in the cloud?
- How is the company protecting these assets?
- What gaps or opportunities exist and how can the organization make improvements, technically or operationally?
- What are some quick wins that the company can implement in the coming months to ensure that risks are understood and mitigated to a reasonable level?
Security is not just IT's responsibility -- it's an integral part of the company and must include critical business functions like HR. HR has a key role to play in ensuring the organization is following best cybersecurity practices.