Cyber Security and HRM

 

Business operations excessively rely on data than ever before making cybersecurity as to top challenging priority of the organizations (Culot et.al., 2019). Protection of information includes protection of information assets from unauthorized access, disclosure, destruction, accidental loss, misuse or modification (Kumah et.al., 2022). Breach in information security may lead to loss of sensitive information and productivity which will ultimately lead to huge financial losses and may badly affect the company reputation as well (Kumah et.al., 2022). The major source of security failure is human beings. They are vulnerable to a wide range of security threats from deliberate violation to circumvention of physical and technical security controls. Further possibilities of security breaches have been underestimated by the people making it highly vulnerable (Kumah et.al., 2022).

From HR perspective cyber security can be looked at two ways. Securing HR own data, such as employee salaries, employee personal information etc. With the excessive use of information technology such as cloud computing, artificial intelligence, internet of things in Human resource management, they become vulnerable for data breaches than they have ever before. The other role is to secure operational sensitive data by training operational employees on information security.

Following steps can be identified to be use by HR in accomplishing data security;

1.     Pre-define the data that can be accessed based on the role at the time of recruiting the candidates.

2.     Restrict the access to the data bases at the time of employee resign from the company.

3.     Creating and implementing organizational security policies

4.     Employee files are encrypted and have policies on how employee can access them

5.     Create access control for sensitive employee data that lies under HR team

6.     Promoting cybersecurity culture

7.     Conduct information security training – This is critical in safeguarding organizations’ information. Trainings should be given at the time of onboarding the candidate and thereafter periodically to refresh the knowledge. These trainings should be evaluated periodically, and corrective action should be taken (Kumah, 2022). In developing these trainings HR should take the help of IT industry specialists and industrial and organizational psychologists in order to develop effective training programme (Beyer and Brummel, 2015).

8.     Employee background checks – Important to ascertain whether employee has any criminal background and the character of the employee.

9.     Recruit specialist talent that have competencies and capabilities in term of analysts and programming (Culot et.al., 2019).

10.  Ensure information security policies are align with company mission, goals, objectives and priorities (Chavez, 2018)

11.  Complying with industry norms and adhering to legal regulations (Chavez, 2018).

12.  Implement a procedure to inform on data breaches identified and make sure the process is known by all the staff members (Chavez, 2018).

13.  Responding to the data breach incident reported efficiently and without additional data compromise (Chavez, 2018).

 

In Accenture, behavioral change is done creating a security-first mindset among employees through immersive and relatable learning scenarios to implement culture that secure information. (Accenture, 2019). Further time to time test mails on phishing are send to employees to test whether they practice the knowledge given through trainings. 

References

Accenture, 2019. Information security at Accenture. Available from https://www.accenture.com/fi-en/services/technology/information-security [Accessed on 04th May 2022].

Beyer, R.E. and Brummel, B., 2015. Implementing effective cyber security training for end users of computer networks. Society for Human Resource Management and Society for Industrial and Organizational Psychology. Available from https://www.shrm.org/hr-today/trends-and-forecasting/special-reports-and-expert-views/Documents/SHRM-SIOP%20Role%20of%20Human%20Resources%20in%20Cyber%20Security.pdf [Accessed on 04th May 2022].

Chavez, R., 2018 The role of HR in Cybersecurity. SHRM. Available from https://www.shrm.org/resourcesandtools/hr-topics/behavioral-competencies/pages/the-role-of-hr-in-cybersecurity.aspx [Accessed on 04th May 2022].

Culot, G., Fattori, F., Podrecca, M. and Sartor, M., 2019. Addressing industry 4.0 cybersecurity challenges. IEEE Engineering Management Review47(3), pp.79-86. Available from https://ieeexplore.ieee.org/abstract/document/8758411 [Accessed on 04th May 2022].

Kumah, P., Yaokumah, W. and Buabeng-Andoh, C., 2022. Identifying HRM practices for improving information security performance: an importance-performance map analysis. In Research Anthology on Business Aspects of Cybersecurity (pp. 326-348). IGI Global. Available from https://www.igi-global.com/chapter/identifying-hrm-practices-for-improving-information-security-performance/288685 [Accessed on 04th May 2022].

 


Comments

  1. GaminiHemachandra4 May 2022 at 10:17

    Yes Ayesha, As you well explained, In recent years, the human resources (HR) function has become integral organizational cyber risk management. Along with information security/information technology (InfoSec/IT), human resources (HR) is increasingly being asked to assist in determining and enforcing employee data permissions, training and enforcing cyber security policies and procedures, and assisting in responding to cyber events involving employees.( Brian W, n.d.)
    HR is typically the first (and last) point of contact for employees, and thus plays a critical role in developing and sustaining a strong cyber security culture. Although IT has traditionally created cyber security training sessions, HR's involvement has grown as the value of such training for employees has become more widely recognized.

    Reference; Brian W.(n.d.) HR’s increasingly important role in cyber risk management. Marshmclennan [online]. Available at: https://www.marshmclennan.com/insights/publications/2020/july/hr-s-increasingly-important-role-in-cyber-risk-management.html [Accessed on 04 May 2022]

    ReplyDelete

Post a Comment

Popular posts from this blog

Multi-Generational workforce – Does it really have an impact on the organization

Image
Today's workforce is consisting of four main generations, Baby boomers, Generation X, Generation Y and Generation Z. These four generations are segregated based on the born year and it is said that each group share the same qualities, requirements and working patterns based on the life experiences they took. Their personal values, communication styles, how they approach work, language and perception of each other may vary from each group. To effectively manage and recruit a multigenerational workforce it is important to be aware of these characteristics as these make conflicts in the workplace (Dwyer, 2009). Hence managing these four groups’ needs as per their group requirements and carefully designing the interactions between four groups to achieve organizational goals as one team will be one of the future challenges for human resource management. According to Dwyer (2009) and Gabrielova and Buchko (2021) below Figure 1 summarize the different age cohorts in today’s workforc...
Read more

Hybrid working model – How it can be applied

Image
                                               The covid-19 pandemic has created a new normal life for both people and organizations despite the dynamic changes taking place in the organizational environment due to emerging sophisticated technologies such as Artificial Intelligence, Blockchain, Robotic Process Automation, cloud computing, data driven culture and much more. The new operating models have been created for today and future by this sudden unexpected Covid – 19 pandemic, making plans made prior 2019 outdated. (Przytuła, S.  et al , 2020) The follow-up survey done based on 80,000 Fujitsu’s Japan based employees revealed that 55% of them preferred a mix of home and office working model after they were working from home for two and half months despite the fact that 74% employees considered the office to be the best place to work not long before the pan...
Read more

Employee well-being post COVID-19 pandemic

Image
  Post covid 19 pandemic employee well-being became area of concern in most of the organizations. The increase in stress, fear and uncertainty due to pandemic situation, social isolation due to remote working has decrease the employee productivity. Domestic violence, home schooling, working remotely has led to tremendous impact on employee mental health and well-being impacting on employee productivity and absenteeism. Due to these reasons, HR had to pay special attention to the well-being of the employees, enable them to deliver more productive output for the organization and for employees to have balanced work-life and more healthy personal life. As per Grant et.al., 2007 there are three dimensions in well-being, psychological, physical and social. Let's look at each in detail; 1. Psychological well-being   Refers to job satisfaction, presence of positive feelings at work, balance between positive and negative thinking, fulfillment of potential.  2. Physical well-be...
Read more