What Digital Security Means To HR and How IT Can Help CEO Insights 07-31-2019 By Jim Steinlage President & Chief Executive Officer Table of Contents A Stronger Network is Not the Only Solution Recognizing Threats HR Needs IT Security Know-How Key Takeaway Security breaches are costly and destructive for organizations big and small. Research indicates that cyber crime is on the rise and companies must find a way to protect against people-based attacks. Though cyber security is often thought to be the realm of IT, HR plays a key role, particularly in creating a cyber security culture in the digital workspace. A Stronger Network is Not the Only Solution When hackers launch their cyber attacks, they don’t limit their reach to CEOs and CIOs. Everyone in the pipeline is fair game, and many intrusions are completed through employee devices. HR leadership can help guard against these vulnerabilities, building a strong chain of actions that prevent employees from being the weakest link. The data that HR works with is often the most vulnerable to attack and the most valuable to those seeking to hack it. Phishing attacks, or authentic-looking emails seeking to gather sensitive information are getting more sophisticated every day, with one of the latest being a scam that goes after W-2 forms. The solution? Creating a secure culture that starts with a strong foundation and builds up while making sure your employees are there with you. Recognizing Threats Aside from phishing, other common digital security threats include employees emailing or losing valuable data, logging onto non-secure networks while out of the office, and deliberate malicious attacks from current or former employees. Sophisticated software systems help curtail many risks, but human behavior cannot (at least yet) be coded. For example, one of today’s biggest risks comes from the bring-your-own-device (BYOD) trend that many companies are embracing as part of an overallenhanced employee experience. Obviously, if you want to prevent employees from making your organization vulnerable from within, it takes more than having an internal IT security policy in place. Ongoing employee training is essential to raising awareness and motivating people to recognize and pay attention to cyber threats, even if it’s outside their job responsibilities. And employees must be encouraged to communicate with leadership when they believe they have caused a cyber security incident or notice suspicious behavior. HR Needs IT Security Know-How The IT team is responsible for making sure your business follows best practices in protecting its data, intellectual property, and reputation. It must stay on top of the latest tactics adversaries are doing to evade detection and weaponize cloud services while developing and disseminating security procedures that mitigate data risks. Just as it’s important for HR to work with employees and give them the tools and processes they need for basic security, it’s crucial to collaborate with IT to craft and enforce company-wide security policies, develop up-to-date software solutions, and identify the best tools available. Key Takeaway Whether they realize it or not, HR professionals play a large role in helping to maintain a secure workplace. A joint, comprehensive HR/IT digital security plan allows your business to proactively address cyber attacks before damage spirals out of control.