Cybersecurity – How HR Contributes to a Culture of Safety

Consequences Of A Data Breach

• One of the most obvious consequences of a data breach is the monetary risk of data being stolen and held for ransom. 
• Beyond ransom concerns, cybersecurity breaches can severely damage your brand and the trust that clients have with your brand.
  • Company reputation is something that is invaluable and if a breach were to occur, it is difficult to even put a price on the possibility of lost trust and business.

Cybersecurity Gatekeepers

• IT professionals play an integral role in protecting a company from possible attacks.
  • They need to be coming up with your risk framework, addressing compliance, and conducting their due diligence when it comes to software architecture and security in general.. 
  • The biggest risk will always be human error, and because of this, employees at all levels must be educated on the consequences of a breach, to ensure that they understand the role they play in keeping corporate data secure. 
  • Leadership should model the right behavior as it relates to secure practices, and remind their teams to work safely and securely, reinforcing behaviors taught during training.

What Role Does HR Play?

• HR is responsible for ensuring that data protection (company data, employee data, client data) be instilled into the foundation and culture of your company.
• HR already serves as the “guardian” of so much private and sensitive information that it is only logical that they should also be involved in the protection of online assets.
  • This responsibility can also help to boost employee engagement because they will want to be part of protecting their own personal data.
  • People tend to rise to the level of responsibility and accountability that you instill in them.

Employees Protecting Their Own Data

• The entire process should start with your onboarding process. On Day One, the importance of cybersecurity should be stressed and the role of each employee in that effort should be clearly explained.
• From there, there should be an ongoing partnership between the different departments that have a role to play in the cybersecurity efforts to keep everyone at the same level of accountability.
  • This applies to top-down leadership as well.
    • If they preach to use complex and unique passwords and to not share passwords under any circumstances, they should also follow those rules. 
    • Just as with any staples of company culture, if leadership follows those rules, everyone is much more likely to, as well.
• These efforts should also be woven into every interaction that people have, serving as a constant reminder of the role that they play in keeping sensitive company information safe at all times. 

How HR Can Become More Integrated In The Cybersecurity Effort

• Ms. Klipfel’s article on Forbes is a great guide to exploring how HR and IT can work together to build a more secure workplace. 
• HR should really be at the forefront of expressing the risk framework of a cybersecurity issue.
• By partnering with IT, HR can utilize technology to remind people of the cybersecurity dangers that exist and work to create a “chemical memory” about the importance of staying vigilant when it comes to data protection.
  • Constant communication and engagement with employees on the topic is imperative, even beyond what compliance demands. 
  • HR needs to help employees understand the practical applications of how employees can work to protect their own data along with the data of others. 

Creating An Emergency Response Plan

• Similar to other areas in which employees need to be re-certified after a period of time (HIPAA, etc.), the constantly evolving threat of cybersecurity breaches should be reintroduced to employees.
  • New types of threats arise every day, and employees should be in the know about what is current and what they should be on the lookout for. 
• In order to stay up to date, HR must find ways to weave these new threats into existing training measures that can be consistently updated.
• HR and IT should work together to understand what is current and figure out ways to deploy that information throughout the company.
  • From there, the information should be spread in a campaign of sorts, one that continuously lives on and that employees are aware of when new updates arise. 

When To Begin Building Your Cybersecurity Training Curriculum

• If you are currently not training employees on the subject, you should start right away.
• Integrating this training into any existing training is a great way to get started and encourage employees to keep it top of mind.
• A great way to easily weave in the mention of cybersecurity is something along the lines of: “Just as we take your employee data seriously, we want to remind you that you also play a part in making sure that our data stays protected.”

Measuring The Effectiveness Of Cybersecurity Training

• HR has the ability to test employees to assess the state of employee compliance to safety issues. One such test might be to send out a fake phishing email, to see if anyone “takes the bait”.
  • Obviously you hope they don’t, but if they do, it can be a valuable learning experience for everyone involved. 
  • Best case scenario, no one takes the bait and your employees flag the fake email!

Software Best Practice

• The best practice is to assume that any program is NOT secure.
• When looking into any software program in which data will be stored, you should emphasize the importance of cybersecurity to your organization in the request for proposal (RFP).
  • Businessolver, Ms. Klipfel’s company, actually writes blogs and hosts webinars that explain how to create great RFPs that ask the important questions regarding cybersecurity concerns. 
• One of the most basic assurances is whether or not the program has cyber insurance. If not, it’s a major red flag.
• It is extremely important to engage your IT experts to help you scrutinize any HR software you may consider using.

Asking for Guidance

• Asking for guidance from others and developing a “technology committee” are alternative ways to analyze the threat for cyber attacks.
• In general, HR professionals want to help each other out, so looking for advice and best practices from others that have found success in preventing cybersecurity issues is a fantastic way to improve your own practices.
• Ms. Klipfel has also generously offered her assistance concerning any questions you may have when it comes to protecting your data.
  • A link to Ms. Klipfel’s work on Businessolver can be found here.

Businessolver

• Businessolver offers a software program called “Benefitsolver” that helps companies to educate and empower people to enroll in the benefits that are the best fit for them, all while personalizing the enrollment experience.
• They pride themselves on being very innovative when it comes to how they engage their members (the employees of the clients that they partner with).
• They also offer a benefits virtual assistant named “Sofia” that leverages artificial intelligence in a way that is available and beneficial to employees at any time.
• One of the main benefits of Businessolver is the “one-stop-shop” nature of their services. 
  • Due to the fact that all of their robust services are wrapped up into one program, the threat of cybersecurity breaches are significantly reduced compared to using multiple programs for different sets of data. 
• You can learn more about Businessolver on their website and/or by connecting with them on LinkedIn.

Marcy Klipfel Background

• BBA/BA in Marketing/Journalism and an Executive MBA, all from The University of Iowa Tippie College of Business
• Ms. Klipfel has been a working HR Professional for over 20 years, working for companies such as Aon Hewitt, Towers Perrin, and General Growth Properties.
• Today, Ms. Klipfel serves as the Chief Engagement Officer for Businessolver.

Contact

• Marcy Klipfel on LinkedIn
• Marcy Klipfel’s email: mklipfel@businessolver.com