When coworkers come to speak with you, it’s rarely because they have good news or want to tell you how many problems they don’t have. More than ever, there’s a chance they’re coming to you to discuss a cybersecurity problem.
Sometimes that cybersecurity problem is a data breach.
If information gets leaked or someone in an organisation is the victim of a hack, panic can set in. It’s times like this that HR professionals may find people looking to them for advice. This can be complex, because though you might manage the IT team, you can’t possibly know as much as they do about your organisation’s digital infrastructure. You might also find yourself in the line of fire because of other people’s mistakes.
It’s imperative for HR to have a cybersecurity plan in place. The plan, along with day-to-day maintenance, should be developed in collaboration with IT, but at the end of the day it’s up to you to oversee – and manage – the digital security of your organisation.
Top Tips
Here are some “must do” pointers to get started. Work with your digital team to ensure that practices are followed across the board and all parties have up-to-date knowledge:
- Utilize proper security software (VPN, anti-virus, firewall, etc.)
- Secure accounts and passwords
- Learn what scams look like and best practice responses to them
- Keep up-to-date information on the latest threats
- Create multiple backups of important information
- Make a list of contacts to notify in the event of disaster
Once you have your bases covered, you can take the time to develop your team’s own processes to effectively manage cybersecurity threats. Below are three key tips to ensure you have the best possible defences against digital security threats.
1. Protect yourself before protecting others
Before settling anyone else’s problems, make sure you’re secure. You have to be a pillar of resistance to social engineering scams and malware attacks. To help you do so, you’ll need some knowledge and tools.
A Virtual Private Network (VPN for short) is something few professionals have more than a passing knowledge of. They should, however, as it is essential to understanding security amid the growing number of unsecured WiFi networks. What does a VPN do? It’s fairly simple: it’s an app that secures your internet connection with encryption by connecting to a remote server.
This is important to understand because these unprotected networks make it easy for hackers to steal information and accounts, or inject malware. The threat of using unsecured servers extends to mobile devices too, so it’s imperative that you educate yourself about exactly how unsecured – and secure – servers work.
2. Share Your Knowledge with the organisation
Your ability to share your knowledge is vital. Protecting yourself means little if those you work with are unaware of the risks they’re taking or don’t know how to circumvent criminal trickery.
Once you’ve got your own affairs secure, disseminate that knowledge and work to protect other users’ devices and accounts. Create a notice with a list of tips, or offer to hold a meeting or masterclass.
Be sure that your supervisors understand the severity of the consequences your company could face following a data breach. They need to know that it could cost them a huge amount if a major breach leaks private information about your organisation or personal information about your clients.
3. Prepare for the fallout
Should (or more likely ‘when’) a breach occur, you’ll be in charge of managing certain aspects of the disaster. As an HR professional, one of your main jobs will be determining what went wrong. You’ll likely need to work with the IT department to do this effectively.
It may also be up to you to help decide, along with management, how to deal with potential victims of the breach, which may include clients or customers calling in to complain. Will you offer apologies? Compensation? It’s important to recognise that—depending on your company—stolen data may be used in the medium to long term to harass or otherwise disadvantage your company’s daily activities.
Consequently, you’ll need to be able to dismiss the harassment appropriately, a process that may involve filing reports with officials and providing support as needed to those who are struggling or under pressure.
Often, the fallout from a cybersecurity breach can be extremely challenging. On the worst end of the scale, this can include anything from death threats directed at employees to intense media scrutiny.
It’s also essential to have access to your backed-up records. HR’s records are a window into the essential knowledge of the company and being able to keep them safe and intact will save you quite a few headaches once the crisis management phase is over.
Lastly, remain calm and confident at all times. It’s inevitable that bad things will happen, particularly in today’s climate of digital insecurity. Above all else it’s your job as an HR professional to help maintain focus and ensure peace of mind among your coworkers. Be a leader—your company needs you.
What is your plan to manage your organisation’s cybersecurity? Tell us in the comments.
Hello Diamond,
This article was written in January 2017, and in the wake of the “ransomware” cyberattack that has hit companies and governments around the world, it seems more relevant than ever. Experts, according to ABC, BBC and CBC reports, believe new versions could emerge. Thank you for bringing this to our collective attention, like a surfer on the crest of the cyberattack wave.