Why Cybersecurity is Every Department’s Business

October 30, 2017

When it comes to cybercrime, businesses must constantly iterate on and improve their security protocols. Companies store valuable information, from personal employee data to corporate trade secrets, that can attract criminals looking for profitable data to steal. When thieves are able to exploit security vulnerabilities, companies can suffer significant financial consequences that impact employees across every department.


While the immediate knee-jerk reaction may be to blame the technical department for security incidents involving compromised data, effective cybersecurity cannot be the responsibility of one internal team. As cyber threats grow increasingly complex, various departments from HR to IT will need to work together to strengthen a company’s resilience against future incidents.


Armed with a comprehensive digital security plan and cooperation between internal teams, businesses can proactively address cyberattacks before damage spirals out of control. With National Cyber Security Awareness Month upon us, organizations are turning their focus to fostering a culture of cybersecurity.


HR’s contributions to company-wide cybersecurity best practices

With corporate cyberattacks making headlines regularly, businesses are starting to place a greater emphasis on risk management and increasing education around cyber threats. While there is little anyone can do to prevent attempts at external attacks from hackers, businesses can take steps to mitigate threats originating in-house.


In addition to managing recruiting and hiring processes, HR professionals also have the skills to eliminate two big internal threats: employees who use their personal email to access sensitive information and disgruntled employees who may be attempting corporate espionage. Often the first point of contact with new employees, HR departments can educate new employees on proper email etiquette and ensure timely deprovisioning of user access when individuals part ways with the company.


When an employee is onboarded, for example, HR determines what type of network access that individual has and educates the employee on acceptable use of IT systems and, in some cases, security best practices. Similarly, HR is often the first to know when an employee leaves the company and can immediately restrict the former user’s access to sensitive information. If human resources and IT departments can share information and work together, they can become the strongest defense a business can employ against impending data breaches.


Cyberattacks affect every department in an organization, grinding workflows to a halt and potentially compromising a company’s intellectual property, personal information, and other sensitive data.


Why IT departments need to collaborate with HR to better manage risk


The IT department is responsible for several things within an organization. Daily IT activities may consist of building new infrastructure and maintaining necessary business applications, in addition to managing various business technology resources. Above all, the IT department has the skills to put certain security systems, such as identity management solutions, in place to stop both internal and external data threats. By remaining proactive about ensuring company data is appropriately managed, IT teams can remain ahead of cybercriminals and stay prepared for a worst-case scenario.


But in order for security tools to be effective, IT needs to work with HR to determine what types of permissions every employee should be given and when to deprovision old users. As the primary gatekeepers of an organization, HR can pioneer cloud-based identity management that extends to IT-related functions. Unifying employee directories makes it easy for HR teams to quickly and securely onboard and offboard employees based on preconfigured access policies established by IT. This ensures disgruntled employees can’t access sensitive corporate information even after they turn in their work devices.


IT can also work with HR to establish training programs to better educate employees on security best practices, such as notifying IT when they receive suspicious emails. Spear phishing, for example, often targets organizations for valuable data and can catch even the most alert employee off guard. Accidentally opening an email from a seemingly reputable source can create security vulnerabilities with serious consequences for entire organizations. Because HR oversees sensitive information such as employee data and W2 forms, they should collaborate with IT to establish stronger security measures as email scams become harder to detect.


When HR and IT team up, together they are able to implement effective cybersecurity training protocols and better protect sensitive business assets. The right combination of robust IT systems, educational programs, and greater communications between departments can safeguard a company’s property and its employees.

The Authors: 

Alvaro Hoyos is the chief information security officer for OneLogin, a leader in cloud identity management solutions, where he architects and leads the company’s risk management, security, and compliance efforts. He has more than 15 years in the IT sector. Prior to joining OneLogin, Hoyos helped startups, SMBs, and Fortune 500 companies with their security, compliance, and data privacy objectives. To learn more about Alvaro Hoyos and OneLogin, please visit: https://www.onelogin.com/. Twitter: @wherestherisk