Responsibilities of an HR to Strengthen Their Company’s Cyber Defenses


Suppose a company is hit by a ransomware attack today. Who will company personnel call or rely on to remediate the issue? Most probably, a cybersecurity expert. However, companies often go numb in the initial hours of an incident, since nobody knows anyone's phone number. Without access to email or messaging systems, work comes to a halt, leaving customers and workers wondering what is going on. This panic then intensifies into a full-blown crisis.

While this may look like a job for the IT and security departments, protecting a company comes down to two ideas, organizational culture and planning, both of which fall under the command of human resources.

The HR department is in a unique position to integrate cybersecurity readiness into an organization's daily operations. It is responsible for developing the policies and procedures that reduce risks and make sure the company has the skills necessary to be resilient to foreseen difficulties, which include cyberattacks. Additionally, HR departments themselves are major targets for hackers, as they are the stewards of employees' private and sensitive information. However, this vital role of the HR team is largely overlooked.

In this regard, Claudette McGowan, CEO of cybersecurity company Protexxa, has mentioned some ways that could help HR make their companies a tougher target for cybercriminals. We are listing some of these suggestions:

Build a Security Culture 

With the growing cyberspace culture, one can only imagine how many digital issues can be lobbed at an organization at a time, making it challenging to identify them all. A strong cybersecurity culture comes to the rescue, since it helps organizations protect themselves against attacks and minimizes the radius of an attack in case it has already been executed.

However, for this, everyone must be on the same page when it comes to online behaviours. 

To ensure this, HR must make sure that the company is equipped with training tools so that employees can determine what should and should not be done. 

Integrating cybersecurity into performance appraisals is the greatest approach to guarantee that everyone perceives it as a crucial part of their responsibilities. This should not involve criticizing employees for each dubious link they click on. Instead, it ought to be a productive discussion about how they are progressing with their cyber literacy education. Employees can utilize cyber health-check tools to examine their online behaviour and resolve vulnerabilities (such as reusing Pa$$w0rd throughout the majority of the internet or not using two-factor authentication), and similar tools are frequently used to monitor progress toward cybersecurity goals at the organizational level.

Stop Hoarding Data 

The HR department should be active when it comes to updating its data retention policy. 'Updating,' since companies already have a data retention policy in place. If not, then the company is bound to hoard this data forever, which may expose it to several risks. The more data a company has, the worse a breach is, especially if the company is storing data that is no longer in use.

Determine ‘Who Calls the Shots’ in Case of a Breach 

In times of crisis, everyone may have an opinion on 'what should be done,' so it should be decided beforehand who holds the decision-making power.

The only requirement in the job description for incident commanders is that they be the person who knows their company's cybersecurity concerns the best. Depending on the size of your company, that may be the head of IT, the cybersecurity leader, or Joanne in accounting who has taken a few courses in this area. Whoever it is, HR must make sure to identify that person and make the choice apparent to the team before an issue occurs.

Finally, Note the Contacts Down

However old school and mundane it may sound, the contact numbers of the incident team must be noted down, and the list should be updated without fail to make sure that a 'professional' is on standby to help the organization resolve issues systematically.