Pin It

Put HR front and centre in your cybersecurity line of defense

By Ching Mac


Cybersecurity concerns can bring a chill to even the most accomplished, seasoned business executives. Making the right changes to properly secure an organization can seem daunting and complex because cybersecurity cannot be ignored or neglected. Research shows cybersecurity is a crucial driver of business value. This continues to be reinforced as global scandals around data security are increasingly publicized and as consumers have higher awareness and expectations around privacy and security.

When we talk about a comprehensive approach to cybersecurity, we often focus on IT workers. However, the strongest approach to workplace security is multi-pronged – it takes commitment from the C-suite, IT team and human resources department.

HR departments have the power to develop effective security strategies and policies, hire the right people and nurture a strong corporate culture. There are various tactics HR departments can deploy to take an active role in security strategy and be among the front line of defense against cyber threats.


Develop the right security policies unique to your organization

More employers are moving towards flexible workplaces, where employees have the freedom to work remotely and choose hours and locations that make sense for them. While this has its own benefits, the right security policies must be implemented alongside it to ensure flexible workplaces also benefit the company’s security.

This means updating policies and procedures to reflect the real world that employees encounter – unique to different functions and departments, rather than a blanket strategy. For example, policies around what mobile technology can be used for which projects, who has access to which data and how he or she remotely views that information. It also means developing a risk strategy that considers how mobile workers and virtual workspaces interact with company data, plus a process for managing employee-owned devices. Finally, it means a communication plan that ensures employees are up-to-date on security protocol and that security training is available and enacted.

These policies can make-or-break a company’s security strategy. A recent survey by Citrix Canada found that almost four in 10 workers feel their employer’s security protocol makes it difficult for them to work remotely. When workers feel protocols make working remotely difficult, they will often find new ways to access work materials by circumventing security protocol – for example, sending work documents to a personal email. HR must work with IT to develop the right policies that do not make employees choose between convenience and security.


Get the right people on your side

HR has their finger on the pulse when it comes to hiring the best and brightest people, and cybersecurity talent is no different. It may, however, require a more creative approach.

A recent report by IT consulting firm Capgemini found there is a cybersecurity talent gap. Among digital skills, cybersecurity has the largest demand and the largest gap between demand and supply. This demand is not likely to diminish any time soon. It offers suggestions for how recruiters can find talent to strengthen their security department. To build strong relationships with these high-demand students, build a talent pipeline that starts with internships designed specifically for cybersecurity students. Or, use innovative ways to recruit cybersecurity talent that appeal to Gen X in style and substance. For example, gaming competitions, gaming apps or gaming assessment – all of which resonate with cybersecurity students. Additionally, HR can look within the organization to bolster the talent of their current workers by offering educational opportunities that enhance individuals’ cybersecurity expertise and overall digital skills.


Make security part of your corporate culture

If employees don’t have a stake in security, will they be willing to make it a priority? Citrix Canada’s survey found that in terms of personal responsibility, 40 per cent of employed respondents answered that they feel zero responsibility to ensure corporate data is secure. The same survey found three in 10 workers (31 per cent) are not aware of the security protocols that their company has in place. These findings glean an overall lack of personal investment in a company’s security.

To make a company “security first,” where security is a core value, requires a shift in overall corporate culture. HR has the power to push a cultural shift by enforcing security policies across all levels (including the C-suite) and finding creative ways to engage all employees in the security mandate. With those at the top actively adhering to HR’s policies and partaking in its efforts (such as not mixing work and personal email or being engaged attendees at security training sessions), employees will hold themselves accountable to those same corporate values and encourage others to do so as well.

Cybersecurity doesn’t have to be siloed to a specific skillset, it can be enhanced by each department’s unique expertise. For HR professionals, enforcing the right policies, recruiting the best talent and enforcing an energetic corporate culture around security are effective ways to make sure an organization’s value grows and remains strong. n

Ching Mac is the director of Citrix Canada.



Pin It