Top 4 Cyber Security Priorities for L&D / HR Professionals

We’ve summarised our Top 4 Cyber Security priorities, helping you better equip your employees and protect your business reputation.

Bcorp Logo

“Culture eats strategy for breakfast, lunch, and dinner.”

- Peter Drucker, Management Guru

As the move to distributed working practices accelerates within the digital transformation, HR and L&D’s role of supporting and shaping corporate behaviour has crossed over into a technology-led domain.

Cyber security has not traditionally been within the scope of Human Resources but HR departments are more likely than IT to be led and staffed by people with experience and excellence in fostering positive culture change - effective cybersecurity is increasingly a cultural phenomenon and HR are best placed to encourage this.

So where do you start?

Understanding the Risks

Client data breaches make headline news, but potential damage to an organisation by the release of sensitive employee data (salaries, home addresses, appraisal content) is also potentially cataclysmic.

If your HR or Talent team are processing large volumes of resumes it’s all too easy to open an infected attachment or malicious link (e.g. a LinkedIn profile or external portfolio) which can be a vector for injecting malware into your corporate network.

What are the types of impact your business faces?

  • Direct financial impact - e.g. fines, actual theft of funds
  • Damage to reputation
  • Loss of data - industrial espionage
  • Malicious damage to data, ransomware

People and Culture

Talk about being a ‘Security First’ business. Foster an environment where everyone in the organisation is talking about security issues and acting on them is a priority.

Instil your security culture immediately with your new starters - ask the senior management team to get personally involved in discussing the importance of cyber awareness.

Processes

  • Undertake independent security audits, identify high risk and priority data - who can access it and how do you protect it.
  • Set-up an email address for reporting security breaches - available to employees, customers & other third parties.
  • Have processes in place to fix issues quickly.
  • Regularly update security processes.

For instance, law firm Mishcon de Reya recently instructed employees to mute or disable devices in their home such as Amazon Echo and Google Home, in the wake of reports that such devices have been found to eavesdrop on sensitive conversations.

Solutions

  • Train your employees to ensure they treat sensitive information responsibly and guard against social engineering vulnerabilities such as phishing attacks.
  • Create a culture of listening - if someone points out a vulnerability, don’t ignore them - make sure they have a clear channel for communicating their concerns - and reward this activity.
  • Invest in experienced Cyber Security personnel.
  • Make security experience one of the key criteria when assessing the suitability of new hires.

What next?

We've devised a number of workshops aimed at people across a variety of roles and technical backgrounds to assist them in fortifying their organisation's systems and processes.

We would love to hear from you

Speak to us on 020 3137 3920 or get in touch below