Human error is one of the biggest threats in companies, according to a Canadian security expert. A recent Verizon Wireless Data Breach Investigations Report shows most cyber security attacks target people. It blamed well over 90 per cent of successful breaches on phishing and pretexting.
“Many businesses are looking at their security in terms of layers,” said Mark Gaudet, Cybersecurity Products Manager at the Canadian Internet Registration Authority (CIRA). One of these layers — the first, in fact — is the ‘human firewall.’ This is where the HR team plays a critical role.”
HR has a unique perspective
It can be easy for business leaders to put HR in a box, limiting its responsibilities to the recruitment and hiring of new staff. But in many organizations HR is one of the main players when it comes to improving overall security.
“HR has that unique perspective of seeing security through the lens of what is most often a company’s most vulnerable point — its people,” said Gaudet. “HR teams drive a cyber security culture by reinforcing what has been learned in training sessions, by ensuring employees have truly absorbed what they’ve learned and that they know what’s expected of them.”
HR’s role in company security begins the first day an employee is hired. At “day one,” HR has an opportunity to reinforce the company’s commitment to maintaining strong security. But in order to thrive, a company’s security culture requires constant tending as well, said Gaudet.
Between IT and employees
An engaged HR department that acts as a bridge between employees and IT helps transform company security into something that pays perpetual dividends.
HR and IT should work together to develop a joint security plan, said Gaudet. “But one meeting isn’t enough,” said Gaudet. “It may be a potentially powerful relationship, but it must be kept up. That means regular meetings in which disaster recovery plans and responsibilities are discussed, as well as training, which is the jewel in the crown so to speak.”
Invest in the future of your company
Employees that have been well-educated on policy and compliance best practices are not points of vulnerability but assets to their company’s IT security. Unfortunately, in many companies HR and IT are not coordinated, and the cyber security training being offered is neither engaging nor effective, said Gaudet.
CIRA offers a cyber security awareness training platform that uses the combined efforts of IT and HR to turn staff into a “human firewall.” CIRA’s Cybersecurity Awareness Training platform offers not only traditional courses, but also awareness and perception surveys, phishing simulations, and company-wide measurement.
Find out more about the CIRA’s cyber security training platform
