Technology isn’t the only way to defend your company against a cyberattack. We’re thinking outside the box on this episode as we discuss HR’s role in cybersecurity with Kassandra McGlone. Kassandra heads the Rhode Island office for Insperity, and advises small and mid-size businesses on human resources best practices. Insperity’s tagline is “HR That Makes a Difference”—Kass is here to tell us how true that is for cybersecurity and cyberattacks.
Watch A Little Privacy Please!® on HR’s role in cybersecurity.
What role can a strong HR team play in helping companies avoid a cyberattack?
When business owners think about protecting themselves from cyberattacks, they think about the cyber consultant, legal counsel, and the software aspect—those antivirus malware protection systems. But there is also a role that HR can play in helping business owners make sure they’re keeping their business protected from cyberattacks and properly informing their employees.
One of the biggest parts is education.
A good HR team, a good HR partner, an HR consultant, or an in-house HR professional, whomever it is you use to help you with HR in your business, should be able to offer you different training platforms that have cybersecurity training courses. That will teach your staff how to be ethical users of technology—be it your phone for work, your computer in a public environment, or on a public open network—these are all things that we have to consider in today’s hybrid environment where people could work anywhere and businesses might have employees anywhere.
A good HR partner is going to help introduce you to the right training curriculum, help make sure that your managers are introducing those training courses to the staff, monitoring that they get completed within a timely manner, and that they’re reoccurring regularly so that it stays top of mind to help educate the staff.
Employers are also responsible for protecting their business with more than just software. When we create a cyber incident response plan, make sure that that is communicated to staff, and ensure the team knows where to access that plan in physical and digital formats. And then, how do you communicate that with your employees in a format that resonates with them? That’s a great place where HR can be a resource—communicating that information to your team.
What about during an attack? What can the HR team do to help a company navigate that chaos?
One of the things that business owners think a lot about is: Does this get communicated externally to our clients? Who do we need to bring in to help us deal with and contain the scenario?
Another consideration is how do you contain that information internally? How is the cyberattack going to affect staff morale? How do we communicate a cyberattack to employees so that everybody feels reassured?
This is where HR can be a strategic partner in helping mitigate these cyberattacks by providing internal communication with the staff, and helping them understand what has occurred. As your cybersecurity partner works to assess what happened, HR can also be a liaison between your cybersecurity partners and employee. HR is an important bridge in this cyberattack scenario.
What role does the HR team play in ensuring the cyberattack recovery process succeeds?
A strategic HR partner will help you learn from cyber incidents and help mitigate future incidents from happening. Your strategic HR partner should help with further training and understanding to close gaps in cyber education. HR also helps with organizational development and change management; HR can help to strategize and communicate that. This is where, again, a strategic HR partner can be essential.