When Cybersecurity Becomes an HR Issue

A company’s cybersecurity is only as good as its least careful employee. Whilst not a core function of the role, if human resources start to take cybersecurity more seriously and implement policies and procedures to match, then it will naturally permeate across the business and contribute to a stronger cybersecurity posture for the organisation.

Noel Allnutt

In a feature article written by Louis White for Human Resources Director (HRD), Sekuro’s Managing Director Noel Allnutt shed light on the role of human resources in cybersecurity. Addressing the increasing prevalence of cybercrime today, Noel made a call for action to organisations, encouraging more active human involvement in fighting cybercrime.

Effects of Cybercrimes

Citing the annual Cyber Security report (July 1, 2020 to June 30, 2021) provided by the Australian Cyber Security Centre (ACSC), Noel called attention to the concerning increase in the number of reported cybercrimes this financial year. 

In the reporting period, self-reported losses from cybercrimes in Australia added up to a total of AUD $33 billion. Moreover, the rising trend of organisations shifting to remote working arrangements due to the pandemic has rendered Australia’s cyber systems more vulnerable to attacks than ever. This gives malicious cyber attackers more opportunities to steal money and personal information, losses of which were reported in over 75% of all pandemic-related cybercrime reports in Australia.

Why should human resources be concerned with cybersecurity?

According to Noel, humans are considered the weakest link and the largest attack surface for cyber attacks. He expanded on this statement, explaining that employees are an organisation’s most vulnerable entry point into the network, with examples such as:

  • Clicking on a phishing email,
  • Having poor passwords, and
  • Using unapproved applications to store and send files.

While it is true that the organisation’s technology department and the IT companies are responsible for acquiring reliable software and hardware to build a strong cyber defence system, Noel emphasised that human resource teams have an equally crucial role to play in the fight against cybercrime. 

How human resource teams can get involved

Knowing that employees are an organisation’s most vulnerable entry point into the network, what steps can your organisation’s human resources team take in the fight against cybercrime? Guarding against cybercrime starts from the very beginning of an employee’s journey in the organisation, which is why the role of human resources in cybersecurity is crucial. 

Here is how human resources can get involved:

  1. Human resource teams can mandate taking all new employees through the organisation’s cybersecurity policies during their onboarding process, which will establish a basic understanding of what actions to take – and not to take – when accessing the organisation’s cyber systems.
  2. New employees can be made to sign mandatory cybersecurity policies – this will ensure that they take ample heed of these rules.
  3. Enrol all employees in professional cybercrime awareness training, which will prove to be a worthwhile investment in the long run when financial losses from cybercrimes are prevented.
  4. On a managerial level, human resource teams can look into establishing designated security awareness leaders or groups who are in charge of enforcing security protocols in the organisation.

“Similar to the age-old fire warden, these groups would be responsible for ensuring security policies are followed in the day-to-day work environment by spotting poor practices and fostering a culture of security across teams,” Noel explained.

Cybersecurity is a board-level priority

“No sector of the Australian economy was immune from the impacts of cybercrime and other malicious cyber activity. Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period – predominantly by criminals or state actors.”

Noel Allnutt

Evidently, cybercrimes have the capacity to affect all organisations, regardless of size or industry. Therefore, cybersecurity needs to be made a board-level priority in all organisations. 

Conclusion

While the role of human resources in cybersecurity is definitely vital, organisations should also keep in mind that the responsibility of maintaining cybersecurity falls on everyone in the organisation.

Executives need to make conscious, informed decisions to upgrade their cybersecurity systems, human resources teams need to put these decisions in place and communicate them to employees, and employees need to apply what they have learnt in day-to-day operations, taking care not to breach the rules set.
