Cybersecurity: Managing the risks
As the famous saying goes, ‘there are two types of companies; one that has been attacked and the one that doesn’t know they have been attacked’, to highlight this topic, Vineet Kumar, Founder and President, Cyber Peace Foundation speaks about the risks and precautionary measures a company needs to look at to avoid cyber-attacks.
One may wonder how does this even closely affect the HR department? Vineet points out that security is not an IT thing anymore because today humans are the weakest link in the cybersecurity chain. He says, “The entire process of hacking is dependent on two factors: Vulnerability and Exploitation. On an average, every human will have almost five devices. With all these connected devices everywhere, there will be 30 billion connected devices in 2020.” This puts the employees at the center of every organization attack that can be made possible.
This being said, it then becomes essential for security needs to be enforced as part of an organization’s culture through policies, exercises, and drives. Security awareness is an area being heavily invested in by major companies across the globe. The risk to an organization’s information is also posed because of an improper server room access policy or inefficient log management scheme that are put in place by HRs.
As recommended by Vineet, here are some pointers to keep in mind that will help you stay safe:
- While hiring pay attention to skills that encourage competencies within teams
- Take a risk management approach by categorizing and prioritizing
- Consider policy reviews from time to time
- Manage new expectations concerning talent and people by conducting organizational competency assessment and individual skill assessment
- HRs are held responsible when an employee goes, and thus proper information verification needs to be undertaken
- Make your employees from top management to admin aware of this by conducting security awareness training programs, specific training like compliance, special technology security training, etc.
- Be cautious while looking into organization-wide policies like BYOD, password management, access, etc.
Vineet says, “As per reports we (India) are 2nd when it comes to social media scams”. This makes most of the business vulnerable to cyber-attacks. A lot of companies confuse being tech savvy with being security savvy, and in today’s world, it is crucial for a business to distinguish between the two. The two compliances, that is Business compliances and Regulatory compliances, i.e., when storing, processing specific data, accordance with the national and international law, best practices need to be maintained.
A safe company helps in building a trusted environment. Another reason for companies to focus on this is sustenance, and safe conduct of activities including almost all processes are cyber-oriented today. The major reasons that you should watch out for because of which these attacks happen are unauthorized access, careless or unaware employees and outdated security systems. Vineet warns every individual by saying, “If you feel like you haven’t been hacked, think again.”