[BreachExchange] Is HR Responsible for Web Security?

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 21 19:16:54 EDT 2017


https://blog.hrtechweekly.com/2017/08/17/is-hr-responsible-for-web-security/

It is safe to say that cybersecurity should be among a business’s top
priorities. While malware like WannaCry spreads around the globe, ruining
company after company, small and large businesses alike should be focused
on strengthening their digital defenses and building a workplace culture
focused on security. Undoubtedly, most HR professionals will wholeheartedly
agree with this sentiment – but many won’t lift a finger to address gaps in
their employers’ cybersecurity.

There are often concerns over who should build and maintain cybersecurity
within a business. On one hand, security software is installed on tech
devices, which belong in IT’s wheelhouse. Then again, a security breach
affects customer relations, so perhaps the customer service department
should ensure every device is protected. However, the truth is that HR
should take the bulk of the responsibility for keeping a business safe.
Here’s why.

HR Protects the Business and Its People

Through incentivization efforts, behavior-monitoring, policy-setting,
management of resources, and more, HR departments work to reinforce the
integrity of the business’s foundation: its people. Furthermore, HR
provides support for the business, its employees, and ultimately its
customers, assisting in the achievement of personal and organizational
goals that benefit everyone. Because security should be a primary goal for
modern businesses, web security measures should be a top concern for HR
departments, too.

When a cyberattack is successful, it isn’t just the faceless company that
suffers. Often, employees’ private information, perhaps including payment
data, is leaked along with business-related financial information.
Conversely, a business’s tech assets are hardly imperiled by hackers, who
are rarely interested in destroying software or able to impact hardware, so
the IT department has little to fear from a cyberattack. Because HR serves
the business and its employees, who are most threatened by cyber-dangers,
HR should work to ensure such data is well-protected by comprehensive web
security software.

HR Influences Corporate Culture

Yet, effective security software is just one piece of the cyber-protection
puzzle. Security experts assert that more often than not, a business’s
employees are responsible for data breaches and successful cyberattacks.
After all, it is the employees who visit questionable websites, who open
shady emails, who click suspicious links, and who fail to install timely
updates. Because HR is responsible for employee behavior, HR professionals
should actively work against these unhealthy and insecure practices by
influencing the culture of the workplace.

HR already has a massive impact on corporate culture. Recruiting efforts
can target certain personalities, which form the foundation of a workplace
culture. Additionally, HR designs policies and guidelines which shape how
employees behave. HR departments should use this sway to establish a
culture focused on security. Hiring security-minded workers, hosting
regular security trainings, and instilling the idea that security is
everyone’s job are ways to ensure employees are aware of and alert to security.

HR Understands Compliance Rules

There are all sorts of laws and regulations outlining how businesses should
behave, and HR should be familiar with all of them to keep the business
safe from fines, litigation, and worse. Often, these rules concern payment
minimums and structures, mandatory vacation time, and termination means and
methods – but increasingly, the government is turning its attention to
online behavior. Already, seven major industries have compliance
obligations for digital data. Because HR professionals are already
well-versed in adhering to compliance rules, it is hardly a stretch for
them to understand burgeoning security regulations. Instead of trying to
manage compliance and action in different departments, businesses can
streamline the process by giving HR total control over web security efforts.

HR Relies on Technology

These days, every aspect of a business relies on technology – including the
HR department. HR professionals use all sorts of digital tools to manage
their workforces, from payroll platforms to internal messaging services to
online recruitment processes. Should a business’s network be compromised by
a cyberattack, HR will be as unable to complete its tasks as any other
department. If for no other reason than this, HR should be concerned about
internet security.

Security failures are bad for business, but they are particularly bad for
HR. Because HR departments’ goals align with those of security efforts –
and because HR professionals are already well-equipped to handle the
intricacies of cybersecurity – HR should be responsible for a business’s
web security.