A company’s cyber security is only as good as its least careful employee. Whilst not a core function of the role, if human resources start to take cybersecurity more seriously and implement policies and procedures to match, then it will naturally permeate across the business and contribute to a stronger cybersecurity posture for the organisation.
In a feature article written by Louis White for Human Resources Director (HRD), Sekuro’s Managing Director Noel Allnutt shed light on the role of human resources in cyber security. Addressing the increasing prevalence of cybercrime today, Noel made a call for action to organisations, encouraging more active human involvement in fighting cybercrime.
Effects of Cybercrimes
Citing the annual Cyber Security report (July 1, 2020 to June 30, 2021) provided by the Australian Cyber Security Centre (ACSC), Noel called attention to the concerning increase in the number of reported cybercrimes this financial year.
In the reported period, self-reported losses from cybercrimes in Australia during the latest financial year added up to a total of AUD $33 billion. Moreover, the rising trends of organisations shifting to remote working arrangements due to the pandemic has rendered Australia’s cyber systems more vulnerable to attacks than ever. This gives malicious cyber attackers more opportunities to steal money and personal information, of which losses were reported in over 75% of all pandemic-related cybercrime reports in Australia.
Why should human resources be concerned with cyber security?
According to Noel, humans are considered the weakest link and the largest attack surface to cyber attacks. He expounded this statement on how employees are an organisation’s most vulnerable entry point into the network with examples such as:
- Clicking on a phishing email,
- having poor passwords, and
- Using unapproved applications to store and send files.
While it is true that the organisation’s technology department and the IT companies are responsible for acquiring reliable software and hardware to build a strong cyber defence system, Noel emphasised that human resource teams have an equally crucial role to play in the fight against cybercrime.
How human resource teams can get involved
Knowing that employees are an organisation’s most vulnerable entry point into the network, what steps can your organisation’s human resources team take in the fight against cybercrime? Guarding against cybercrime starts from the very beginning of an employee’s journey in the organisation, which is why the role of human resources in cyber security is crucial.
Here are how human resources can get involved:
- Human resource teams can mandate taking all new employees through the organisation’s cyber security policies during their onboarding process, which will establish a basic understanding of what actions to take–and not to take– when accessing the organisation’s cyber systems.
- New employees can be made to sign mandatory cybersecurity policies– this will ensure that they take ample heed of these rules.
- Enrol all employees in professional cybercrime awareness training, which will prove to be a worthwhile investment in the long run when financial losses from cybercrimes are prevented.
- On a managerial level, human resource teams can look into establishing designated security awareness leaders or groups who are in charge of enforcing security protocols in the organisation.
“Similar to the age-old fire warden, these groups would be responsible for ensuring security policies are followed in the day-to-day work environment by spotting poor practices and fostering a culture of security across teams.” Noel explained.
Cyber security is a board-level priority
“No sector of the Australian economy was immune from the impacts of cybercrime and other malicious cyber activity. Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period – predominantly by criminals or state actors"
Evidently, cybercrimes have the capacity to affect all organisations, regardless of size or industry. Therefore, cyber security needs to be made a board-level priority in all organisations.
Conclusion
While the role of human resources in cyber security is definitely vital, organisations should also keep in mind that the responsibility of maintaining cyber security falls on everyone in the organisation.
Executives need to make conscious, informed decisions to upgrade their cyber security systems, human resources teams need to put in place these decisions and communicate them to employees, and employees need to apply what they have learnt in day-to-day operations, taking care not to breach the rules set.
Noel Allnutt
Co-Founder and Managing Director, Sekuro
Noel is a driven and award-winning IT leader. He specialises in building teams that enable companies to create a secure and sustainable competitive advantage in the digital economy. Noel also hosts the ‘Building Resilience Podcast,’ which explores the world of sport and deconstructs the tools and ethos of world-class athletes that can help create growth and optimise business and life.
More Articles
Selling the Strategic Imperative of Zero Trust to Your Board
In conversation with Nathan Wenzler, Chief Security Strategist at Tenable (Part 2)
