HR: Why it plays a vital role in cyber security resilience
With an estimated 90% of successful cyber breaches facilitated by human error, human resources directors play an important role when it comes to minimising cyber risk.
When we think of cybercrime and the threat it presents, we often picture the cliché of a hooded hacker typing Matrix-style code to breach firewalls and other infrastructure. For this reason, responsibility for cyber security is most commonly left solely to IT and network security departments.
Intqual-pro, an intelligence and security training provider that developed the globally leading Cyber Stars Initiative, explains that while robust infrastructure is important, infrastructure is responsible for fewer than 10% of successful cyber breaches. Cyber-attacks are rarely technical; most exploit human vulnerability and, quite often, are targeted at specific individuals who are among the high-risk user groups in an organisation.
It is therefore critical that human resources help employees take ownership of cyber security and enable them to minimise the risk they pose.
HR can do this through:
Identifying employees, departments and business-specific vulnerabilities
Building an efficient cyber security awareness culture can be difficult, even more so when you don’t know who, or which part of the organisation, is most vulnerable and at high risk. It is important for human resources to take the time to correctly profile their organisation’s staff through risk assessments, including spear-phishing tests and digital footprint profiles, to allow for structured, focused and relevant training.
Educating key employees and spreading cyber awareness across the wider workforce
Studies show that employees are far more receptive to information when it is transferred at a peer-to-peer level, rather than enforced through a hierarchical structure. As well as training staff to basic cyber security standards and enabling them to engage with cyber risk, it is also essential for HR to identify key employees as cyber “ambassadors”. These individuals are then responsible for spreading new awareness across the wider workforce, encouraging a culture of cyber security resilience.
Sustaining cyber security resilience through continuous learning & development
A common issue in many organisations is that they retrain all staff each year in exactly the same way, which reduces levels of engagement. To efficiently increase knowledge retention, HR should regularly assess staff across a broad range of cyber security topics. Those who answer incorrectly should be given individual pieces of specific education before being assessed on the same topic at a later date.
HR professionals don’t need to be experts in cyber security. At its core, cyber security is a human issue, and starting a cross-departmental conversation with IT is the first step towards resilience.
In 2014, Intqual-pro developed the Cyber Stars Initiative to reduce the cyber threat facilitated by a lack of employee awareness and confidence. The qualification programme, backed by high-profile organisations, has since been delivered in over 30 countries and is currently the only cyber security awareness programme with an official UK Government regulated qualification attached.