Cybersecurity isn't just an IT issue. It needs to be baked into the core of an organization's culture. Part 1 - Why HR Needs To Care.
Marcy Klipfel: Hello from Businessolver, and welcome to the first installment of our series on cybersecurity for HR professionals. I'm Marcy Klipfel, and I lead the engagement team here at Businessolver, and I'd like to introduce you to my friend and colleague Tom Pohl.
Tom Pohl: Hello, I'm Tom Pohl, and I'm the Vice President of IT Systems here at Businessolver.
Marcy Klipfel: So, I think today we'll just start by simply asking, why should HR professionals care about cybersecurity? I mean really Tom, it's an IT responsibility, so why should we all care about it?
Tom Pohl: You know, we actually made t-shirts here a couple years ago, that said "Security" on the back, but we left off the letter “U” because we don't have security without you, right?
Marcy Klipfel: I like that!
Tom Pohl: So it's super important that everyone's involved in security.
Marcy Klipfel: But why specifically should an HR professional really care about cybersecurity?
Tom Pohl: It really comes down to a combination of who's got access. People are our greatest asset in an organization, but they're also potentially the greatest liability. And so making sure that we train our people, it's got to be both IT as well as HR in order to make sure that we've got the right processes, procedures, and training in place in order to make a cybersecure workforce.
Marcy Klipfel: Sure. So, what's probably on everyone's mind is, now that you're telling me I have to wear a cybersecurity hat, too? We're being asked to do more and more with less and less within the human capital realm. So, how do I make the case for more resources if I need to really put an emphasis on cybersecurity?
Tom Pohl: Yeah. In this day and age, we hear about it almost every week of another organization getting breached, losing tons of data, having that have a negative business impact. Data breeches have huge business (and PR) ramifications, which makes a huge case for why we need to focus on securing our systems, our resources, our people.
Marcy Klipfel: So what would be one of the most simple examples that you could give where someone, an employee, inadvertently did something that led to front page news of breaching security?
Tom Pohl: You know, there are a lot of ways that that could happen. Clicking on a phishing email, where they give access or type in their credentials to a third-party website that then takes those credentials and uses them against your organization. Or tricking you into sending data or information. There was a recent case where someone spoofed being the CEO and said, "Hey, send over all the W2s for your organization," and the HR employee dutifully did so because they thought it came from their CEO. And it turned out, it wasn't, and they ended up sending all that sensitive information to a bad guy.
Marcy Klipfel: So, there's real dollar impact here, right.
Tom Pohl: Real impact. Yeah.
Marcy Klipfel: Which is a great way for an HR professional to make a case, maybe to a CFO, about why to invest.
Tom Pohl: Exactly. In this day and age, the talks about cybersecurity goes all the way into the board room, which is great, because it really is becoming a harder and harder problem, and more critically that we solve this problem logically and strategically.
Marcy Klipfel: Awesome. So, in your mind, if I were to walk away with one thing, if I had to walk into my board room tomorrow and I had to say, "Listen, we have to put more of an emphasis on cybersecurity, both from the people aspect and the infrastructure access," what would be the one thing you would advise me to make sure I hit home with my board or my executive leadership team?
Tom Pohl: Security needs to be baked into the culture. It needs to be something that's a core value for the organization, if it isn't already.
Marcy Klipfel: Okay. I love that. Well, that's all the time that we have for today. Thank you so much, Tom, for joining us, and thank you all for joining us. Please make sure you share this with your colleagues and your friends, and until next time, see you later.
Tom Pohl: Have fun!
Convinced? Download our full guide, How to Avoid Becoming a Security Breach Headline here.