As IT professionals, we’re often seen as unique figures in the workplace.
We might work nonstandard hours, or sit in our own section of the office, or have workday tasks that differ greatly from the rest of our colleagues. But while IT’s day-to-day might differ from our colleagues, securing information technology infrastructure in today’s workplace requires looking past those differences and seeking true interdepartmental collaboration.
When it comes to integrating cybersecurity protocols in particular, one of IT’s most crucial partners is Human Resources. It might not seem like an obvious partnership, given what each group works on: the personal versus the digital. Yet 47% of business leaders report that employee negligence was the cause of a data breach at their organizations—this makes human error the greatest risk to your cybersecurity. And that human behavior is exactly where HR can support.
With data breaches now costing companies an average of $3.92 million, making every effort possible to avoid this risk has never been more important. Here’s what HR departments need to know to be the best partners in securing valuable digital data in the workplace:
Human Resources should feel empowered to protect cybersecurity.
The first step in a powerful cybersecurity plan is to recognize HR’s role in this space, and to make that responsibility clear to all HR professionals at your organization. We often think that this is purely an IT issue, but that’s not the case. In fact, being a great partner in protecting company data doesn’t require a technical background at all—we’ve got that covered in IT.
Simply put, IT departments look to HR to influence employee behavior. Creating an intentional workplace culture is a challenge, but HR is the first line of defense to ensure that an awareness of cybersecurity is woven through every part of the job: from a candidate reading a job description, to a new hire reviewing the employee handbook, to a long-time employee using tech resources during a busy day.
Workforce training is the first line of defense.
HR knows their workforce better than anyone, whether it’s demographics, shift times, technology needs, or communication preferences. This uniquely positions them to determine the best means to explain to employees what’s required in protecting data. Some workplaces do best with independently led online courses and others prefer the communal touch of an in-person group training.
IT will always be responsible for developing the training content, but these insights from HR can guide how that content comes to life and where it’s stored. HR can also suggest enhancements that add dimension to the standard, straightforward training. For example, gamifying trainings by providing points for completion, or awarding expertise levels based on depth of information covered can both keep employees encouraged and engaged. IT can also develop interactive “real life” training examples, such as test phishing emails, which replicate how data can be stolen via email. Employees who click dangerous links then get a follow-up explaining how to handle this situation in the future.
Employee data must be stored securely.
Human Resources is usually the first department to receive sensitive employee data when new hires are onboarded, such as birthdates, addresses, social security numbers and more. It may seem simple to store this data in easily accessible files, but a security-conscious HR department must introduce procedures to implement password protection and encryption. IT can be an invaluable partner in setting up internal systems that keep this data secure without adding unnecessary steps that slow down the workday.
IT professionals are passionate about keeping the workplace secure and functional in today’s hyper-connected world. In partnership with HR, our efforts are only amplified in their ability to promote adoption by employees. If your IT and HR departments aren’t yet in lock step, now is the time to set up those lines of communication. This relationship is key to prevent costly data breaches.