DEVELOP THE RIGHT SECURITY POLICIES UNIQUE
TO YOUR ORGANIZATION
More employers are moving towards flexible workplaces, where
employees have the freedom to work remotely and choose hours
and locations that make sense for them. While this has its own
benefits, the right security policies must be implemented alongside
it to ensure flexible workplaces also benefit the company’s security.
This means updating policies and procedures to reflect the real
world that employees encounter – unique to different functions
and departments, rather than a blanket strategy. For example,
policies around what mobile technology can be used for which
projects, who has access to which data and how he or she remotely
views that information. It also means developing a risk strategy
that considers how mobile workers and virtual workspaces interact
with company data, plus a process for managing employee-owned
devices. Finally, it means a communication plan that ensures
employees are up-to-date on security protocol and that security
training is available and enacted.
These policies can make-or-break a company’s security strat-egy.
A recent survey by Citrix Canada found that almost four in
10 workers feel their employer’s security protocol makes it diffi-cult
for them to work remotely. When workers feel protocols make
working remotely difficult, they will often find new ways to access
work materials by circumventing security protocol – for exam-ple,
sending work documents to a personal email. HR must work
with IT to develop the right policies that do not make employees
choose between convenience and security.
GET THE RIGHT PEOPLE ON YOUR SIDE
HR has their finger on the pulse when it comes to hiring the best
and brightest people, and cybersecurity talent is no different. It
may, however, require a more creative approach.
A recent report by IT consulting firm Capgemini found there
is a cybersecurity talent gap. Among digital skills, cybersecurity
has the largest demand and the largest gap between demand and
supply. This demand is not likely to diminish any time soon. It
offers suggestions for how recruiters can find talent to strengthen
their security department. To build strong relationships with
these high-demand students, build a talent pipeline that starts
with internships designed specifically for cybersecurity students.
Or, use innovative ways to recruit cybersecurity talent that appeal
to Gen X in style and substance. For example, gaming competi-tions,
gaming apps or gaming assessment – all of which resonate
with cybersecurity students. Additionally, HR can look within
the organization to bolster the talent of their current workers by
offering educational opportunities that enhance individuals’ cyber-security
expertise and overall digital skills.
MAKE SECURITY PART OF YOUR
If employees don’t have a stake in security, will they be willing
to make it a priority? Citrix Canada’s survey found that in terms
of personal responsibility, 40 per cent of employed respondents
answered that they feel zero responsibility to ensure corporate
data is secure. The same survey found three in 10 workers (31 per
cent) are not aware of the security protocols that their company
has in place. These findings glean an overall lack of personal invest-ment
in a company’s security.
To make a company “security first,” where security is a core value,
requires a shift in overall corporate culture. HR has the power to
push a cultural shift by enforcing security policies across all lev-els
(including the C-suite) and finding creative ways to engage all
employees in the security mandate. With those at the top actively
adhering to HR’s policies and partaking in its efforts (such as
not mixing work and personal email or being engaged attend-ees
at security training sessions), employees will hold themselves
accountable to those same corporate values and encourage others
to do so as well.
Cybersecurity doesn’t have to be siloed to a specific skillset, it
can be enhanced by each department’s unique expertise. For HR
professionals, enforcing the right policies, recruiting the best tal-ent
and enforcing an energetic corporate culture around security
are effective ways to make sure an organization’s value grows and
remains strong. n
Ching Mac is the director of Citrix Canada.
HR MUST WORK WITH IT
TO DEVELOP THE RIGHT
POLICIES THAT DO NOT MAKE
EMPLOYEES CHOOSE BETWEEN
CONVENIENCE AND SECURITY.
ammentorp / 123RF Stock Photo
30 ❚ JUNE 2018 ❚ HR PROFESSIONAL