Cybersecurity has traditionally been seen as a job for IT departments – and most employees assume that cybersecurity is simply a technical issue. But an examination of current threat types shows that social engineering attacks on employees is now a major concern for corporate security. However, protecting employees from social engineering attacks means protecting the whole person – at work and at home. The challenge becomes the line between what is corporate and what is personal. Innovative Human Resources (HR) departments have a solution. Cybersecurity can be a gift to employees, not unlike health insurance. This new benefit further underlines HR’s important role in promoting a healthy corporate culture…including cybersecurity.
Cybersecurity – The role of HR in mitigating risk
It is estimated the financial impact of cybercrime costs the global economy nearly $3 million per minute with 27% of all cyberattacks resulting from employee errors. Many companies are aware that employees are the weakest link in an organization’s cybersecurity. 9 out of 10 times, it is unintentional. Yes, you might get the odd disgruntled employee, but more often than not, employee negligence is the primary source of data breaches. From falling afoul of phishing, to accidental installation of malicious apps and using unsecure networks, the variety and prevalence of cyber-traps are growing daily. Even common behaviors that seem trivial, like shared passwords, lax BYOD habits, remote working, and leaving devices laying around – all can lead to loss of data or even large sums of money.
Since people are a key factor in many cybersecurity-related issues, HR should be involved to minimize the risk. Why? HR is uniquely equipped to humanize and promote security within an organization. Whether it’s through the onboarding process, providing security guidelines or educating employees, the HR department can cover the majority of cybersecurity threats – and your company will be much safer for it. “HR leaders can engage employees in recruitment, culture, and education to boost awareness and adoption of new policies to help IT teams develop a “human firewall” for your organization, turning employees – your greatest security threat – into your greatest asset,” says Marcy Klipfel of Businessolver.
Some forward-thinking companies already employ the skills and insight of their HR teams to enhance risk mitigation. But as the digital footprint of an individual continues to grow like a ripple effect, and the lines continue to blur between personal and business use of technology, modern cybersecurity requires more than firewalls, antivirus and HR polices. If a business is serious about protecting itself and its employees, it’s time the business started thinking about offering cybersecurity as a HR benefit.
Cybersecurity as an HR benefit
We live in a digital era and, as such, it’s likely that most, if not all, of your employees have a digital footprint. This is normal. Daily, most of us engage in some form of online activity, such as photo sharing, online dating, banking, shopping, gaming, and social/professional networking. Like it or not, these all add to one’s digital footprint. And that’s not all. Others may post photos or information about us online. And then there are search engine histories, smart phone geolocation data, etc.
While an individual’s growing online digital footprint and relentless tracking of all their thoughts and data might not be a problem to them, it may be exploited by those with malicious intent. What your employees do and say online, or how they use digital devices, can make them and your organization vulnerable to a range of security threats. Most hackers are just looking for that one right chance and an employee’s online activities can create an ideal passageway into your company, potentially resulting in unintended, or even catastrophic, consequences.
Unplugging yourself or an employee from the rest of the world is not really an option. But what is an option is that your company can help protect its employees – while protecting itself. While it’s a novel concept, data hygiene management should now be considered the newest employee benefit. Like a person’s health, if things go bad, cybercrime can be very costly for the individual. Like health insurance benefits, cybersecurity benefits reduce the financial risk and give peace of mind.
Future of cybersecurity
The biggest challenge for HR is explaining the threat of social engineering to individuals while not being perceived as “Big Brother.” Employees can be very wary of privacy, though at the same time may not be very aware of the vulnerability of their personal digital footprint. But everyone is susceptible to cyberattacks and the impact can be severe for both individuals and their employers. The perceived value of cybersecurity as an HR benefit will only increase with time – and with the preponderance of cybercrime. Prescient employers are making moves now to bolster their cybersecurity culture and offer a competitive benefit that will be attractive to employee candidates.
Become a Subscriber to receive timely articles on human-centric security issues: