How interconnected are cybersecurity and HR? Alvin Evans III and other employees of MGM Resorts International must never have anticipated that they would experience a payment delay from their employer. However, that is precisely what Evans reported to KVVU-TV in Las Vegas. Speaking with the news outlet, he stated:
“We kind of heard about it when we were in class, and I’m like, let me check my account, and we saw that we were locked out.”
MGM Resorts International stated on Thursday, September 14, 2023, that all employees would be paid on schedule. However, as of Saturday, September 16, 2023, Evans says he still has not received his paycheck. This is the latest embarrassing report about the massive MGM cyber attack that costs the company an estimated $4.2 to $8.4 million daily.
This particular cyber attack has generated a lot of press because it has been conducted against such a large company in a public fashion. However, any company of any size can become the target of a cyber attack. The extent of the damage done may or may not reach the levels it has with this attack against MGM. However, every company should always be concerned about its vulnerability to attacks. Now is the time to focus on a human resources (HR) department’s role. This is in achieving cyber safety protocols.
What Role Does Human Resources Play in Cybersecurity?
The information technology (IT) department is the first department you likely think of when you think of cyber safety. That department plays a significant role in cybersecurity operations. But human resources must also be on board with protecting company assets. Securityintelligence.com explains the role that HR can play in the development of solid cybersecurity defenses:
Human resources is valuable as a partner in cyber risk assessment and incident response planning. People operations software includes detailed employment records and popular targets for cybercriminals. Protecting these assets is essential to cybersecurity for the entire organization.
Human Resources Role in Cybersecurity
According to a joint study by Stanford University Professor Jeff Hancock and security firm Tessian, 88% of data breach incidents are caused by employee mistakes. As a contributor to training, communication and culture, this is where HR enters the cybersecurity picture:
- Employee Data Control and Access – How certain employees are classified will impact the amount of data they can access. Human resources is responsible for ensuring that employees are adequately categorized. So, they only have access to the information needed to accomplish their work duties.
- Regulatory Compliance – Many jurisdictions around the globe have established a set of regulatory standards for issues such as data privacy and more. The HR department needs to keep up with these latest regulatory developments. They should also keep the company and its employees in compliance with these regulatory measures.
- A Culture of Cybersecurity – HR’s practices of protecting candidate and employee data, their input on training partners and ongoing messaging to educate employees about the risks and mistakes that lead to breaches, and the policies and procedures they help to develop are the first interactions employees have with a culture of cybersecurity, thereby supporting leaders in their ability to coach on best practices for preventing cyber attacks. This is so every employee understands that what is expected of them is critical to maintaining that culture.
Often, HR is the frontline of defense when creating and maintaining a cybersecurity plan that everyone can embrace and sustain. While these responsibilities are important, one more is even more important: Creating, updating and maintaining the employee handbook.
Updating Employee Handbooks
When well developed, the employee handbook helps employees become acquainted with what they need to know to be successful and safe in the workplace. This document contains the code of conduct and all policies that must be followed. This is to protect employees and the company on the job. It is a highly technical and detailed document containing information about an employee’s expectations. This also includes what that employee can expect from their employer in return. In a sense, it’s an employee training handbook.
One of the most fundamental cornerstones of an employee handbook is the sections dedicated to the company’s cybersecurity policies. Keeping employee handbooks current with the latest details about what kind of cybersecurity policies the company has put in place comes from the partnership with IT, Operations and HR.
The reality is that the employee handbook is specifically designed to be updated again and again over time. Some will even say that creating an employee handbook is never done. Maintaining and updating the employee handbook frequently is the best way to ensure everyone is informed about the latest cybersecurity threats. This would also help them know how to prevent them. The HR department must do its best to maintain the employee handbook on a routine basis. They should also revisit it at least a few times per year.
Considerations for Remote Employees
A Forbes report estimates that approximately 16% of all companies in the United States are “fully remote.” This is to say that those companies hire only remote workers to help them accomplish their daily tasks. A significant portion employs some remote workers to help get work done. Therefore, it is understandable that many business owners and managers are concerned about what they can do to maintain a culture of cyber security when they have workers scattered throughout the country or even the world.
Concerns About Cybersecurity
There are legitimate concerns about cybersecurity in a remote work world. But there are also remote work policies that you can adopt to help keep things safe. Consider the following things that you need to nail down before hiring someone for remote work or switching an in-office employee to a remote worker:
- Scheduling – Will the remote worker perform all of their job duties on a remote basis? Or will they be required to come into the office occasionally? What types of work can be performed remotely and which must be done in the office? These are the questions that you need to answer.
- Technology Use – Policies should be developed to determine which pieces of company technology the remote workers will be allowed to take home with them. You must also consider what security measures you will take to ensure the technology is secure even when brought home.
- Check-Ins – Another thing to clarify precisely is how often remote workers will be expected to check in. They should also report on the work they are doing or have completed. This will allow you to ensure they are doing what they should be. You would also know that they aren’t opening up any security vulnerabilities.
These are the things to consider when bringing on remote workers. Other issues may also arise in time and you can address them as they arise. Make sure it is all maintained and established in the employee handbook.
Get HR on Board Today
Now is the time to get HR on board with promoting cybersecurity. This is one of the most important things that HR is responsible for. It is paramount to get it done right. Collaborate with the HR team to create a comprehensive employee handbook of cybersecurity policies and measures.