In cooperation with internal and external experts, HR professionals too must start working on limiting HR-related information security risks to the minimum. After all, information security is not solely the responsibility of the IT department and nor is it simply a matter of technology. It depends on how people in the organisation handle information, and that is why HR departments are being increasingly requested to help ensure reliable data protection within the organisation. Here are some tips for this.
1. make your employees more aware
Perhaps you're lying awake at night worrying about hackers conspiring to steal your company information, but they are not the biggest threat: that's actually your own employees. Research shows that most information security risks are caused by people working at the organisation in question. Some incidents can be categorised as criminal behaviour or malicious intent, but the lion's share of the problems arise from simple mistakes that could have been prevented, such as unsuspectingly clicking a link in an email or downloading malware.
By now, one in two organisations is focusing attention on incorporating information security in its employee training programmes. This is often done in the form of a training course that raises awareness and alerts employees to the potential risks and how to prevent them. HR can set up such training in collaboration with internal and external IT experts.
2. formulate smarter policy and clearly defined job profiles
In organisations where the careful handling of information is an intrinsic part of the company culture, there can never be any misunderstanding about the individual responsibility of employees. This is a task to be performed by HR, with or without the collaboration of IT experts. Job descriptions and profiles must clearly describe the role and responsibility of employees with respect to data protection. The same applies to organisational policy in this area.
Perhaps it is high time to start updating these matters within your organisation. Make sure to take the following into account when fine-tuning your policy and job profiles:
- How and to what extent technology is used within your organisation
- Rules of conduct regarding passwords
- Employee ethics, in the context of dealing with confidential information
- Responsibilities, tasks and role allocation in relation to data protection
3. ensure effective crisis management measures
If your organisation ever becomes the victim of a security incident, these measures will ensure that you can quickly take action to limit the damage and prevent your business relations from losing their trust in you. Continuity in business operations is a responsibility borne by the entire organisation, and HR can also make a significant contribution to this. It can do this, for example, by gaining a better insight into the 'human side' of such incidents and training employees appropriately so that such errors can be prevented in the future.