Cyber Security and HRM
Business operations rely on data more than ever before, making cybersecurity a top priority and challenge for organizations (Culot et al., 2019). Protection of information includes protection of information assets from unauthorized access, disclosure, destruction, accidental loss, misuse or modification (Kumah et al., 2022). A breach in information security may lead to loss of sensitive information and productivity, which will ultimately lead to huge financial losses and may badly affect the company's reputation as well (Kumah et al., 2022). The major source of security failure is human beings. They are vulnerable to a wide range of security threats, from deliberate violation to circumvention of physical and technical security controls. Further, people underestimate the possibility of security breaches, which adds to this vulnerability (Kumah et al., 2022).
From an HR perspective, cyber security can be looked at in two ways. The first is securing HR's own data, such as employee salaries and employee personal information. With the extensive use of information technology such as cloud computing, artificial intelligence and the internet of things in human resource management, HR functions have become more vulnerable to data breaches than ever before. The other role is to secure sensitive operational data by training operational employees on information security.
The following steps can be used by HR to accomplish data security:
1. Pre-define the data that can be accessed, based on role, at the time of recruiting candidates.
2. Restrict access to the databases at the time an employee resigns from the company.
3. Create and implement organizational security policies.
4. Encrypt employee files and have policies on how employees can access them.
5. Create access control for sensitive employee data that lies under the HR team.
6. Promote a cybersecurity culture.
7. Conduct information security training – This is critical in safeguarding the organization's information. Training should be given at the time of onboarding the candidate and periodically thereafter to refresh the knowledge. This training should be evaluated periodically, and corrective action should be taken (Kumah et al., 2022). In developing this training, HR should take the help of IT industry specialists and industrial and organizational psychologists in order to develop an effective training programme (Beyer and Brummel, 2015).
8. Employee background checks – Important to ascertain whether an employee has any criminal background, and the character of the employee.
9. Recruit specialist talent with competencies and capabilities in terms of analysis and programming (Culot et al., 2019).
10. Ensure information security policies are aligned with the company's mission, goals, objectives and priorities (Chavez, 2018).
11. Comply with industry norms and adhere to legal regulations (Chavez, 2018).
12. Implement a procedure for reporting identified data breaches and make sure the process is known by all staff members (Chavez, 2018).
13. Respond to reported data breach incidents efficiently and without additional data compromise (Chavez, 2018).
At Accenture, behavioral change is achieved by creating a security-first mindset among employees through immersive and relatable learning scenarios, in order to build a culture that secures information (Accenture, 2019). Further, test phishing emails are sent to employees from time to time to check whether they practice the knowledge given through training.
References
Accenture, 2019. Information security at Accenture. Available from https://www.accenture.com/fi-en/services/technology/information-security [Accessed on 04th May 2022].
Beyer, R.E. and Brummel, B., 2015. Implementing effective cyber security training for end users of computer networks. Society for Human Resource Management and Society for Industrial and Organizational Psychology. Available from https://www.shrm.org/hr-today/trends-and-forecasting/special-reports-and-expert-views/Documents/SHRM-SIOP%20Role%20of%20Human%20Resources%20in%20Cyber%20Security.pdf [Accessed on 04th May 2022].
Chavez, R., 2018. The role of HR in Cybersecurity. SHRM. Available from https://www.shrm.org/resourcesandtools/hr-topics/behavioral-competencies/pages/the-role-of-hr-in-cybersecurity.aspx [Accessed on 04th May 2022].
Culot, G., Fattori, F., Podrecca, M. and Sartor, M., 2019. Addressing industry 4.0 cybersecurity challenges. IEEE Engineering Management Review, 47(3), pp. 79-86. Available from https://ieeexplore.ieee.org/abstract/document/8758411 [Accessed on 04th May 2022].
Kumah, P., Yaokumah, W. and Buabeng-Andoh, C., 2022. Identifying HRM practices for improving information security performance: an importance-performance map analysis. In Research Anthology on Business Aspects of Cybersecurity (pp. 326-348). IGI Global. Available from https://www.igi-global.com/chapter/identifying-hrm-practices-for-improving-information-security-performance/288685 [Accessed on 04th May 2022].
Yes Ayesha, as you well explained, in recent years the human resources (HR) function has become integral to organizational cyber risk management. Along with information security/information technology (InfoSec/IT), human resources (HR) is increasingly being asked to assist in determining and enforcing employee data permissions, training and enforcing cyber security policies and procedures, and assisting in responding to cyber events involving employees (Brian W, n.d.).
HR is typically the first (and last) point of contact for employees, and thus plays a critical role in developing and sustaining a strong cyber security culture. Although IT has traditionally created cyber security training sessions, HR's involvement has grown as the value of such training for employees has become more widely recognized.
Reference: Brian W. (n.d.) HR’s increasingly important role in cyber risk management. Marshmclennan [online]. Available at: https://www.marshmclennan.com/insights/publications/2020/july/hr-s-increasingly-important-role-in-cyber-risk-management.html [Accessed on 04 May 2022]