Business Resources

3 Ways HR Can Play A Role In Cybersecurity

Given today’s technological advancements, cybersecurity has become a key component in every business. Companies are using all kinds of sophisticated technologies and techniques to protect critical business assets.

In fact, as hackers and cyber criminals become more innovative in their crimes, it is becoming increasingly difficult to detect these cybercrimes.

Most countries, including Singapore, consider cybersecurity as one of the critical national security priority. Earlier this year in January, the Singapore Government introduced the Cybersecurity Bill in Parliament. The bill was designed to empower the Cyber Security Agency of Singapore (CSA) to manage and respond to cybersecurity threats. At the same time, the Government will be investing more than S$16 million to strengthen Singapore’s cybersecurity research and development for companies.

Efforts have certainly been stepped up to improve and tighten the cybersecurity amongst companies in Singapore. However, in order for these policies to be effective, employees themselves have to be able to understand the importance of having these controls in place and be able to demonstrate their commitment to uphold proper security measures within the workplace. And this is where the Human Resources (HR) department plays a vital role in up keeping the organisation’s security.

Taking ownership of the security risk posed by employees

Most employees would assume that cybersecurity is a technical matter. However, it is only when a successful attack occurs that they start taking personal responsibility for security or at times, even blame the IT department. These attitudes would make the organisation even more vulnerable to such attacks. Essentially, the HR department plays an imperative role in educating employees on the right attitude – to be alert and abreast about areas or processes that could potentially compromise on the organisation’s security.

Ensuring that security measures and practical and ethical

Policies and measures can prevent employees from acting in a way that puts the organisation at a risk of a cybersecurity attack. However, this has to be consistent with the way employees think and act. For instance, assigning employees with randomly generated passwords can make it difficult for a hacker to crack. For example, companies use an employee self-service-portal for employees to access their own personal information like payslips and tax forms. Every employee will receive their unique login credentials generated by the portal which is easy and hassle-free. However, if most employees have to write down their password, this then defeats the purpose of assigning them in the first place. In such situations, the HR department would be in the best position to advise whether certain cybersecurity policies are likely to work given the workplace culture.

Identifying employees who may present a particular risk

These days, hackers and cyber criminals are getting inside help, knowingly and unknowingly, to launch cyber security attacks on the organisation. At times, these perpetrators also make use of social media to identify a potential target employee that could potentially break security controls – such as employees who have been demoted, made redundant or being dismissed from the organisation. This is where the HR department is able to step in to ensure that an employee’s exit is managed well and to deter any potential cyberattacks on these “high risk” employees.

It can be very challenging to strengthen security controls within an organisation given that cyberattacks are becoming increasingly difficult to detect. However, with the help of every employee within the organisation, this can at least prevent potential cybercrimes from happening. As the saying goes, “prevention is always better than cure”.

If you like our content, remember to subscribe to our e-newsletter to receive the latest tips, articles, tools and exclusive promotions for payroll & HR professionals conveniently in your inbox!

 

eNewsletter Subscription

* = required field