HR’s Leading Role in Information Security

The numbers are startling, but what do they have to do with HR?

In the past, business leaders and corporate boards often looked to senior IT leaders to guide information security, but in today’s increasingly digital landscape, IT cannot tackle the issue alone. With mobile workforces on the rise, bring your own device (BYOD) policies commonplace and vast amounts of information created, accessed and stored by team members across an entire organization each day, information security is now the responsibility of everyone within a company.

Unfortunately, minor and major breaches often result from the actions of employees. While some of these breaches stem from malicious intent, many could have been prevented or alleviated with the proper training and education.

HR Must Be Proactive, Not Reactive

As reported by Verizon, 65 percent of confirmed data breaches occur due to a weak or stolen password, while 7 percent of all breach cases go undiscovered for more than a year. These numbers are evidence of a lack of education when it comes to online security, as well as a need for more preventative strategies. By providing ongoing security training and education to individuals across the organization, as well as explaining why those rules are in place, HR can help employees understand how their actions can impact the organization as a whole.

HR can’t wait until a breach happens, but should take a proactive approach that starts as soon as an employee is hired, and continues even after they are no longer with the organization. The following are some good places to begin:

  • Implement education and training from the start. New employees must be trained in key security procedures and restricted devices. This information should be included in an employee’s enrollment package and should also be verbally discussed.
  • Cover topics such as how to manage and store data, how to create strong passwords, how to more securely share information and the dangers of phishing scams.
  • Whenever new technologies or new rules are introduced, immediate training and education should follow.

Efficiency Is Key

When forced to make a decision based on current objectives, most employees will choose efficiency over security. This is why HR needs to understand the pain points of employees across the organization. How can you intervene to make their daily tasks more efficient and secure?

For tasks like records management, including onboarding documentation and HR processes, a secure digital system can help you automate time-consuming processes to increase productivity while strengthening overall communication and security. Make sure the technology you implement allows for secure sharing of documents both within the organization and with outside parties such as auditors, and regularly monitors for compliance.

Focus on Culture

When it comes to information security, everyone across the organization must be on the same page. This can be difficult when every department seems to speak its own language, produce different document types and utilize varying types of software and tools. HR should tailor its education and training to meet the needs of each department and employee. You cannot assume that employees in marketing possess the same security knowledge as someone in IT.

As you work hands-on with each department, highlight information security and make it a common topic of conversation. Make it known that open communication is not only accepted but encouraged. Doing so will help you uncover any potential challenges and make changes as needed.

Being proactive can help remedy a potentially catastrophic issue. If a breach or security issue occurs, employees need to know what to do. More importantly, they need tools and resources when an incident does occur. It’s a good practice to develop a reporting system and/or communication channel and make sure all team members are properly coached on how to report a security incident.

People Are Key

HR leaders must actively protect their organization’s data and information. When you take a proactive approach, focus on efficiency and develop a like-minded, security-driven team, you can better protect your company and be better prepared for unexpected incidents.