'We need to look at systems, processes, protocols and the support of HR, staff, management and various stakeholders'
‘We need to look at systems, processes, protocols and the support of HR, staff, management and various stakeholders’
Body: There is mounting pressure on HR leaders to take crucial steps in addressing cybersecurity as it becomes a people-related problem.
Recent research has underscored that people are organisations' biggest cybersecurity risk, aside from external threats. In fact, three in four executives across the world are concerned that their next cybersecurity breach will likely be because of an internal staff error.
So, addressing cybersecurity threats is on the growing list of responsibilities of HR leaders - but what exactly can they do?
HR collaborating with IT on cybersecurity
Melanie Brooks, head of people and culture at Wavelink, told HRD HR leader that collaborating with IT teams is important in addressing cyber threats and to ensure cybersecurity practices at work have a "human-centric approach."
"We're working hand in hand on all these initiatives related to cyber security — I think it's extremely important and very valuable," she said.
Veenu Kandasamy, presales engineer at Wavelink, agreed that as cyber threats become more sophisticated, organisations need to take a holistic approach.
"We need to look at it as an integrated fabric. We need to look at systems, processes, protocols, and the support of our HR, staff, management, and various stakeholders in looking at a holistic IT management and IT security strategy towards mitigating these risks away from our organisations," Kandasamy told HRD.
Most Read
Queensland resolves dispute on long service leave entitlements
From full-time to casual: 'Struggling' employer converts worker's role without consent
Fired for 'verbally abusing' manager? Worker cries unfair dismissal amid health issues
Addressing sophisticated cyber threats is no longer just the role of IT departments, he said.
"IT is no longer just IT people locked in a room just doing something, fixing the systems, and move away. It's more about that collaborated approach because threats are becoming sophisticated," he said. "It's more of an organisational approach, rather than an IT-centric approach."
As an example, Wavelink trialled a refreshed cyber security basic training as part of their onboarding programme.
"I tried it, I had a look, I said: 'Yes, I'm on board, it's an engaging programme that would be great, it really is relevant to our employees,'" Brooks recalled.
From there, they picked the programme up and worked together for a successful rollout to their organisation.
"We'll be working on a communication together. We'll both be having those conversations with our people to make sure they're understanding what this training's about, why it's important, and to ensure that everyone's actually getting that completed," Brooks said.
Training to combat cyber threats
In addition, employees need to have the right skillset and the right information to identify and tackle cybersecurity threats.
"At WaveLink, what we do is provide relevant, engaging training, ensure employees feel valued, and that they have a voice, that they can speak up, and that they're motivated to combat these threats," Brooks told HRD.
This training includes offering customised programmes that are tailored to ensure the information employees get are relevant to their roles.
"We all know our people are key to our success in any business. Our people are also the key to success to combat these cybersecurity threats," she said.
Using tech for cybersecurity
Kandasamy added that using reputable products to mitigate cyber threats is important - but they won't be enough if the workforce don't put in the work to ensure they don't become victims.
"We've got to look at ourselves as we are a potential target, so we need to have a holistic approach, not just get a product and expect the product to fix the problem," he said.
"Managing the life cycle of it can be one part, but what about your users? You need to educate them. You have to bring awareness. You need to have the right protocols and processes."
Kandasamy also advised against reusing passwords and highlighted the importance of using multi-factor authentication as protection against bad actors.
"Next thing, your systems, processes," he further pointed out. "Evaluate them, patch your systems, follow window advises and keep them up to date."
According to Kandasamy, looking into these simple steps in addition to training can go a long way in protecting organisations.
Employees are the "forefront" of evolving cyber security threats, according to Brooks, so they need to be trained, educated, and prepared to deal with them.
"[Threats are] constantly evolving, so the more that we can bring our employees on board and have them educated and skilled up the better," she said.
And the benefits won't be limited to just the organisation.
"If a business successfully educates their employees on these threats and really try and keep their employees informed up to date with the latest threats, that can flow into people's personal life too," she said.
"So, I think it can really help people as well outside of work, which is obviously a good thing."
