Cybersecurity is becoming a greater concern for every aspect of the business—including human resource departments. With many organizations becoming more digitally focused, technology-centric strategies such as automation, bring-your-own-device policies teleconferencing meetings have become central to an HR team’s success.
However, the adoption of these technologies, in addition to a rise in sophisticated new forms of cyberattacks, has created new risks to the security and privacy of sensitive HR data.
Given that a number of cybersecurity problems emerge as a result of the actions of an organization’s own workforce (90% in fact), HR teams now play an increasingly critical role in the fight against cybercrime within their organizations.
Whether they realize it or not, HR professionals play a large role in maintaining a secure workplace—here are four reasons why:
HR teams are embracing technology tools
Technology is changing the world as we know it, and that includes HR activities. Technology will be incorporated into even more HR functions; according to PwC’s 2020 Human Resources Technology Survey, 74% of surveyed companies plan to increase their spending on HR technology this year.
But with an increase in new technology also comes an increase in cyber risk. One way HR professionals can balance security with new technology is by keeping a keen eye on software updates.
Deploying updates in your software fixes security vulnerabilities through a “patch,” a small piece of software that improves systems, keeps them up to date and fixes security vulnerabilities to keep hackers and malware at bay. When vulnerabilities go unpatched, or unresolved, businesses are left susceptible to cyber attacks or breaches.
In addition, be sure to keep a balance when it comes to granting access to these software programs. Businesses are more susceptible to cyberattacks when hackers can glean data from multiple locations—they can use rogue access points as a simple way to gain access to business systems to capture sensitive data.
HR leaders can opt to utilize role-based security, meaning they can limit data access within a software system based on roles and responsibilities. This ensures that only authorized employees can access privileged information, reducing security risks across the board.
HR professionals are the gatekeepers of personal data
HR teams need to understand that they work with perhaps the organization’s most sensitive data, including social security numbers, dates of birth, bank details, and home addresses, to name a few.
With this fact in mind, HR professionals must have a comprehensive understanding of how to protect data within their department and the company as a whole.
Much of this sensitive information is stored in the company’s payroll, which is often targeted by hackers. Payroll hacking is incredibly popular in cybercrime. In fact, the FBI’s Internet Crime Complaint Center reported that from January 2018 to June 2019, cybercriminals utilized payroll diversion schemes to steal a total of $8.3 million dollars.
Payroll fraudsters commonly target HR teams as well as finance, tax, and payroll employees through business email compromise, also known as phishing, to get employees to divulge personal or financial information to allow system access willingly.
In order to mitigate the risks of payroll fraud, organizations should conduct regular audits and assessments, implement email security measures, and increase employee awareness of phishing scams.
More hiring and recruiting is conducted online
As an effect of the coronavirus pandemic, many organizations have migrated to remote work for a set period of time or the foreseeable future. This means that many HR teams have also migrated to remote hiring and recruiting activities.
Hand in hand with remote work are the many digital communication tools that organizations use to connect with both current and prospective employees. With hiring and recruiting shifting to a digital format, HR teams will likely utilize at least one communication platform like Zoom or Google Hangouts.
When hosting virtual meetings or interviews, organizations should first ensure that they have proper network security, which protects and secures devices regardless of location. This is especially beneficial for virtual interviews, which may have participants logging in from all over the country or even the globe.
Organizations that are conducting remote hiring and recruiting activities should ensure they have a secure network option, like a next-generation firewall, in place, which will help to ensure remote security on all fronts.
Company policies are created and communicated by HR
Although information technology (IT) is often responsible for identifying and deploying cybersecurity measures, the HR department can play an important role in communicating these procedures to the entire organization and ensuring they’re followed and abided by.
With that said, not all of these procedures are overly technical. Simple measures like identifying password security standards, limiting the use of company devices for business purposes, and regularly logging out of accounts containing company data can go a long way. HR teams can create these guidelines alongside the IT team to ensure their workforce is best set for cyber safety.
In addition, HR teams can facilitate training for cybersecurity procedures to ensure all organization members are aware of and understand the necessary measures that need to be put in place.
Once guidelines are put in place, HR should not be afraid to hold employees accountable for following the established policy and revoke the privileges of those who do not abide by those policies.
HR teams now play a greater role in an organization’s cybersecurity than ever had before. With cyber risk at an all-time high, HR professionals must be diligent in their cybersecurity practices, especially with such critical data at their fingertips.
Alongside their IT department, HR departments can have a major impact on the cyber safety of the organization and should use their abilities to set and enforce company policy in the interest of a secure workplace.
