Hi-tech hacking and espionage have been in the news a great deal of late, and cybersecurity experts are predicting that the threat will expand and worsen in 2017. Cyber threats are morphing and emerging from a multitude of nations, criminal organizations and opportunistic individuals; the astonishing creativity of these criminals and their sheer volume make these threats very challenging to defend against!
Employers of all sizes must take this threat seriously and adopt a multi-pronged strategy to combat it, including some basic steps:
- Securing expertise to understand vulnerabilities and identify solutions
- Continuous vigilance and attention to emerging threats
- Budgeting and accountability to secure and maintain adequate resources
- Staff training and policies that support cybersecurity
This last action item is of particular importance when employees are using personal mobile devices to conduct company business. Unwittingly, they can open up your networks to hackers and expose sensitive information that can be used to extort or harm the organization. Defend your organization with a proactive strategy to train employees to identify and repel cyber threats, including:
- Clarify cybersecurity expectations immediately upon hire. Use examples, and be very clear and specific about what’s acceptable and what’s not; don’t assume competency.
- Train staff on cybersecurity, including what to do when a threat is identified or a breach occurs; don’t use “techie” terminology or overly technical lingo.
- Include a cybersecurity policy in your employee handbook; encourage reporting of anything suspicious.
- Employees with access to sensitive or proprietary information are a higher risk and thus have higher responsibilities; have them sign stand-alone cybersecurity policy acknowledgements.
- Make cybersecurity a part of regular staff meetings and internal communications.
- Conduct ongoing training as needed, refreshed with information about emerging threats.
Train employees to be your cyber warriors – they are on the front lines of the cybersecurity battle!
Additional cybersecurity considerations:
- Offer personal cybersecurity services as an employee benefit to shield them from identity theft; this will reinforce their awareness of, and competency to combat, cyber threats.
- Evaluate all HR recordkeeping practices for cybersecurity vulnerability.
- When purchasing any new HRIS, due diligence is essential to protect your organization from liability; assume all systems are “hackable” and enlist cybersecurity expertise to vet vendors and products. Secure external expertise if internal IT doesn’t possess adequate competency.
Note: This is a basic overview of cybersecurity considerations and is not intended to be an all-inclusive description of cybersecurity for all organizations.