Cybersecurity – How HR Contributes to a Culture of Safety


For as long as companies have been online, cybersecurity has been a concern – but the last few years have shown a marked surge in malicious activity, activity that demands corporate attention. Cyber attacks undermine the security of customer and employee data, and they can introduce malware, including ransomware, which can cripple and disable any company, of any size, without warning. So, what does this have to do with HR? The time when cybersecurity was strictly an IT concern is long gone, and today's guest, Marcy Klipfel, Chief Engagement Officer at Businessolver, explores the role that HR can play in creating a culture of safety. Here, she explains:

  • The key sources of cybersecurity weakness;
  • The potentially devastating consequences of a data breach;
  • The importance of leadership's modeling of secure practices; and
  • How, by working together, HR and IT can build a more secure workplace!

If you prefer to read along while you listen, we've done all the hard work for you! We listened back to this episode and took notes below, and access is free! 

Cybersecurity Concerns - A Surge In Attacks

  • Notable cyberattacks (2021): Colonial Pipeline and JBS
  • Unfortunately, hackers are getting smarter and better at what they do.
    • This success incentivizes them to continue to exploit cybersecurity weaknesses and access sensitive company data.
  • These attacks can come in a variety of forms: from simple phishing emails to more sophisticated corporate server break-ins. 
  • These cybersecurity weaknesses can stem from both human error and technological error/weakness. 



Consequences Of A Data Breach

  • One of the most obvious consequences of a data breach is the monetary risk of data being stolen and held for ransom. 
  • Beyond ransom concerns, cybersecurity breaches can severely damage your brand and the trust that clients have with your brand.
    • Company reputation is something that is invaluable and if a breach were to occur, it is difficult to even put a price on the possibility of lost trust and business.

Cybersecurity Gatekeepers

  • IT professionals play an integral role in protecting a company from possible attacks.
    • They need to develop your risk framework, address compliance, and conduct their due diligence when it comes to software architecture and security in general.
    • The biggest risk will always be human error, and because of this, employees at all levels must be educated on the consequences of a breach, to ensure that they understand the role they play in keeping corporate data secure. 
    • Leadership should model the right behavior as it relates to secure practices, and remind their teams to work safely and securely, reinforcing behaviors taught during training.

What Role Does HR Play?

  • HR is responsible for ensuring that data protection (company data, employee data, client data) be instilled into the foundation and culture of your company.
  • HR already serves as the “guardian” of so much private and sensitive information that it is only logical that they should also be involved in the protection of online assets.
    • This responsibility can also help to boost employee engagement because they will want to be part of protecting their own personal data.
    • People tend to rise to the level of responsibility and accountability that you instill in them.

Employees Protecting Their Own Data

  • The entire process should start with your onboarding process. On Day One, the importance of cybersecurity should be stressed and the role of each employee in that effort should be clearly explained.
  • From there, there should be an ongoing partnership between the different departments that have a role to play in the cybersecurity efforts to keep everyone at the same level of accountability.
    • This applies to top-down leadership as well.
      • If leaders preach the use of complex and unique passwords and tell employees not to share passwords under any circumstances, they should also follow those rules.
      • Just as with any staples of company culture, if leadership follows those rules, everyone is much more likely to, as well.
  • These efforts should also be woven into every interaction that people have, serving as a constant reminder of the role that they play in keeping sensitive company information safe at all times. 

How HR Can Become More Integrated In The Cybersecurity Effort

  • Ms. Klipfel’s article on Forbes is a great guide to exploring how HR and IT can work together to build a more secure workplace. 
  • HR should really be at the forefront of expressing the risk framework of a cybersecurity issue.
  • By partnering with IT, HR can utilize technology to remind people of the cybersecurity dangers that exist and work to create a “chemical memory” about the importance of staying vigilant when it comes to data protection.
    • Constant communication and engagement with employees on the topic is imperative, even beyond what compliance demands. 
    • HR needs to help employees understand the practical applications of how employees can work to protect their own data along with the data of others. 

Creating An Emergency Response Plan

  • Similar to other areas in which employees need to be re-certified after a period of time (HIPAA, etc.), the constantly evolving threat of cybersecurity breaches should be reintroduced to employees.
    • New types of threats arise every day, and employees should be in the know about what is current and what they should be on the lookout for. 
  • In order to stay up to date, HR must find ways to weave these new threats into existing training measures that can be consistently updated.
  • HR and IT should work together to understand what is current and figure out ways to deploy that information throughout the company.
    • From there, the information should be spread in a campaign of sorts, one that continuously lives on and that employees are aware of when new updates arise. 

When To Begin Building Your Cybersecurity Training Curriculum

  • If you are currently not training employees on the subject, you should start right away.
  • Integrating this training into any existing training is a great way to get started and encourage employees to keep it top of mind.
  • A great way to easily weave in the mention of cybersecurity is something along the lines of: “Just as we take your employee data seriously, we want to remind you that you also play a part in making sure that our data stays protected.”

Measuring The Effectiveness Of Cybersecurity Training

  • HR has the ability to test employees to assess the state of employee compliance with safety practices. One such test might be to send out a fake phishing email, to see if anyone “takes the bait”.
    • Obviously you hope they don’t, but if they do, it can be a valuable learning experience for everyone involved. 
    • Best case scenario, no one takes the bait and your employees flag the fake email!

Software Best Practice

  • The best practice is to assume that any program is NOT secure.
  • When looking into any software program in which data will be stored, you should emphasize the importance of cybersecurity to your organization in the request for proposal (RFP).
  • One of the most basic assurances is whether or not the program has cyber insurance. If not, it’s a major red flag.
  • It is extremely important to engage your IT experts to help you scrutinize any HR software you may consider using.

Asking for Guidance

  • Asking for guidance from others and developing a “technology committee” are alternative ways to analyze the threat of cyber attacks.
  • In general, HR professionals want to help each other out, so looking for advice and best practices from others that have found success in preventing cybersecurity issues is a fantastic way to improve your own practices.
  • Ms. Klipfel has also generously offered her assistance concerning any questions you may have when it comes to protecting your data.
    • A link to Ms. Klipfel’s work on Businessolver can be found here.


  • Businessolver offers a software program called “Benefitsolver” that helps companies to educate and empower people to enroll in the benefits that are the best fit for them, all while personalizing the enrollment experience.
  • They pride themselves on being very innovative when it comes to how they engage their members (the employees of the clients that they partner with).
  • They also offer a benefits virtual assistant named “Sofia” that leverages artificial intelligence in a way that is available and beneficial to employees at any time.
  • One of the main benefits of Businessolver is the “one-stop-shop” nature of their services. 
    • Because all of their robust services are wrapped up into one program, the threat of cybersecurity breaches is significantly reduced compared to using multiple programs for different sets of data.
  • You can learn more about Businessolver on their website and/or by connecting with them on LinkedIn.



Subscribe & Review The ProjectHR Podcast!

Thanks for tuning into this week’s episode of ProjectHR. If the information in our weekly conversations and interviews has helped you in your business journey, please head over to wherever you get your podcasts and subscribe to the show. We'd also love it if you left us a five-star review! Your reviews and feedback will not only help us continue to deliver great, helpful content, but will also help us reach even more amazing professionals just like you!
