HR as a cyber security champion

A thief (dressed in black and eye-masked) representing Cyber securityAnother policy has been issued from the depths of the IT function about encryption, security upgrades and phishing. So what?

If a policy has no obvious WIIFM (what’s in it for me?) or if its content is designed to make eyes glaze over, then it’s going to be tough getting employees to pay attention.

But HR’s expertise is in WIIFM – including new benefits, salaries, annual reviews, training, occupational health checks etc – is second to none. WIIFM is central to what happens across HR day in day out.  The key skill of course is being able to work out how to motivate people, how to get them on board, how to get them to value something, how to keep them safe or how to get them to pay attention…..to name just a few!

Cyber Security – boring and pointless or WIIFM?

  • Avoid getting your embarrassing pics from your last holiday splashed across the internet by a feisty and irritating ex
  • Who will you have to face today if your whole department is ‘down’ because you carelessly (or in ignorance) clicked on a virus?
  • How do you fancy a disciplinary meeting that could result in dismissal as a result of you leaving your device on public transport – unlocked and confidential information now in the hands of the Information Commissioners Office?
  • Your pay details have just been leaked by a disgruntled ex-colleague to the papers – along with another 50,000 of your colleagues. Now the person sitting next to you knows that you are paid substantially more than they are. Awkward!
  • After a hard day at work you get home to find that the order you placed last night for £350 worth of goods was in fact placed on a website masquerading as the one you thought it was and all that hard earned cash is gone for good.

Cyber Security is not just about protecting the organisation, its about protecting all of us and if HR can support getting that message across and developing knowledge and confidence then it’s a win/win for all concerned.

But what exactly do we mean by Cyber Security?

Cyber Security is all about protecting information and money. Information belonging to the Organisation as well as information belonging to every employee, worker, associate or consultant in the Organisation. Money that either belongs to the Organisation, its future sales revenue, or that belongs to us as individuals.

Cyber security is about protecting our information and our money. To protect it we need to understand and use the available security for devices, online accounts, websites etc and we need to be a little bit canny to the underhand, dishonest and at times downright evil practices of certain individuals who have a very different agenda when it comes to WIIFM – which for them means maximise theft, embarrassment or fear (or all three!).

So what can HR do?

In a nutshell HR has two jobs to do here:

Policies: Ensure there are both clear and clearly understood data security, internet and cyber security policies in place. You can find a few examples here…. Issuing them is one thing but knowing that they have been read and understood is something entirely different but if you work on motivating through WIIFM we are sure you will come up with a creative solution to this!

Good training: Ensure that staff understand those policies, understand why they are needed, understand the WIIFM, understand the part they have to play in protecting the organisation (and themselves), feel confident with the terminology/jargon, understand what they are protecting themselves from etc. (you can access some cyber security or data protection eLearning for employees in our eLearning store).

Of course, to do this you first need to educate and develop the confidence of your HR team otherwise it will be a little like the blind leading the blind!

If your HR team think that this is phishing …

Or, if your HR team think that public WiFi is safe …

Or, if your HR team think that encryption is what you write on the inside of a wedding ring …

Then Houston you have a problem!

  1. Train up your HR staff.
  2. Develop good policies.
  3. Then move on to training up your Directors and Non Execs or Trustees.

Finally, last but not least and incredibly importantly …

  1. Start developing the confidence and knowledge of your employees:

The information contained within this article is for general guidance only and represents our understanding of employment and associated law and employee relations issues as at the date of publication. Jaluch Limited, or any of its directors or employees, cannot be held responsible for any action or inaction taken in reliance upon the contents. Specific advice should be sought on all individual matters.

to top button