Cybersecurity is a significant concern for businesses, and it is only going to get bigger.
In 2016, many companies of all sizes were affected by cyberattacks from outsiders.
But some cybersecurity breaches are inside jobs. Sometimes they
are deliberate. Other times, the breach is due to human error. Either way,
these attacks can have disastrous effects.
Let’s divide HR’s role into five categories.
HR as the Problem.
Sometimes in HR we feel like we are the policy or procedure
police. Well, sometimes we are the culprit, too. As you well know, HR has
access to highly sensitive information, including employees’ Social Security
numbers and some medical information. HR needs to evaluate whether the
background check procedure for those seeking positions in the HR department is
robust enough. In some organizations, criminal record and credit checks are
done for some employees in finance and IT but not for employees in HR. HR needs
to consider this gap.
HR may want to consider including in the employee handbook or
other policies a summary, developed with IT, of do’s and don’ts relative to
cybersecurity. This is not in lieu of but in addition to mandatory employee
Here is but one example: Employees must report immediately the loss of any
device, including a mobile phone, that contains their employer’s confidential
information. Immediate reporting and rapid wiping can mitigate the risk materially.
HR and Employee Training.
As noted, employee training is essential. IT can develop the
training program, but HR plays a key role, too. For example, HR can listen to
the proposed program and make sure it works for the intended audience. Simply
telling employees not to fall for phishing schemes is meaningless unless you
define phishing and give concrete examples.
HR and a Rapid Response
In the event there is evidence that someone is appropriating
confidential information, HR needs to be prepared to work with IT in
questioning the employee and taking corrective action as appropriate. These are
not IT investigations alone. IT should not be expected to have the expertise
necessary to handle employee rights issues in the context of these investigations.
HR and a Business
If there is a cyberattack or an internal breach, whether
deliberate or as the result of carelessness, the company is going to need to
move quickly in response. How will the organization work if its systems are
shut down? When must employees be paid if they cannot work? Legally, what
notification requirements exist if certain employee information (or that of
patients or customers) has been exposed? As with any other crisis, whether it
be a weather disaster, an incident of violence or a pandemic, the role of HR in
the business continuity plan should not be underestimated.
Is your company well prepared for situations
like these? If you’re unsure, it may be time to reach out to us for help.
Converge HR Solutions has an experienced group of HR professionals who can
ensure you stay up to date and out of trouble. We handle everything from
training and employee relations to policies, and much more. Visit our website for more information: https://convergehrsolutions.com/. Contact us directly at firstname.lastname@example.org or 610-296-8550.