Human Resource Managers have a unique position to improve the organization's cybersecurity posture. One huge mistake some organizations make in the terms of cybersecurity is leaving the responsibility to the IT department alone. Human Resource Managers have the ability to help shape this culture by working hand in hand with Information Technology Managers in policy writing, work space design, and in other ways that will increase security measures. Enabling the human firewall is the best form of defense against cyber-attacks.
The rise in modern technology and digital communications poses as an increased risk for attacks. The SaaS industry market report for 2017 revealed that the average organization uses 16 forms of software as a service application. They all require passwords. In addition, the 2017 Verizon Report states that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. What policies does your Human Resource Manager have in place to protect company passwords? Taking some time to evaluate your current role in security as a Human Resource Manager is extremely worth-while and can pay off big for your business.
Look at your Work-Space Design
Another way that Human Resource Managers can protect the security of companies is to influence the layout of the interior design of work-spaces and visitor access. Many companies are lending way to open-concept offices. Although there might be some positive effects of these open-work spaces, they do pose as an increased security risk. Imagine there are two men dressed as construction workers carrying around a clipboard outside your building. One convinces an employee that they need to do a routine maintenance check. Now they've made it inside the open-concept work space. Sometimes open work-spaces can result in lower concentration levels by employees. Employees need to be sharp and focused to make the best decisions. Also, there's information gathering and more that can be done once inside. What if they decided to deploy a USB drop? Think about the damage that could be done.
Protect with Robust Policies
Consider all the policies that Human Resource Managers can implement to improve your organization's security. For example, implement policies about the use of social platforms, have procedures in place for password management, and enforce requirements for when one is working remotely to improve security. Human resource policies can expand well beyond ethics, discrimination, and sexual harassment. Teaming up with Information Technology Managers to create a comprehensive list is crucial to protecting your company.
Build a Security-Minded Culture
Try to establish a top-down culture. In other words, if the employees see security best practices as important to C-level and management, then they will most likely act accordingly. Moreover, each department lead can help manage the policies put into place by the Human Resource Managers. Recognize employees when they practice security conscience behaviors. Most employees do not want to be the person who let a hacker through or caused a breach and it only takes one click to allow a cyber-attack. Make sure your organization has a security-minded culture in place and policies to back it up.
Change Behavior with Security Awareness Trainings
To really change behavior, people need to feel invested in the security measures and to realize what is at stake. Also, in order to expect employees to know what best practices to use, they need training. The employees should have on-going course engagement so that they are always keeping up with the latest recommendations. S.H.I.E.L.D. Cybersecurity Awareness Trainings provide real-world scenarios with engaging content. Our courses include automated reporting so that you can track increased security awareness.
Check out our other blogs on Physical Security:
What is IT Security worth without Physical Security? Employees should Watch out for Tabnabbing
Your #1 Security Threat - Well-Intended Employees Create a Top-Down Culture
USB Drops: Would your Employees Take the Bait? The Threat Within
Top 5 Security Awareness Training Topics Social Engineering Takes on Many Shapes
Poisoning the Water Cooler Insider Threats are Weakening Your Physical Security
