The role of HR in preventing security breaches
Create the Future Read similar articles
Companies across sectors are undergoing a rapid evolution to digital platforms. In an attempt to be better connected with its various stakeholders on a more real-time basis, companies are also exposing themselves to the threat of security breaches. The digital transformation of business models along with modern workplace practices like remote working means that companies need to be interconnected.
As business processes are being integrated, and digital tools are driving business activity, security breaches are becoming a reality that one needs to be prepared for. According to data by Pluralsight, the average total cost of a data breach is around $17 million in the US. In addition to this one out of three business have had a loss of revenue due to a data breach, with over 38 percent of the surveyed companies reported a loss of 20 percent or higher. According to a study by the Ponemon Institute, the likelihood of one or more data breaches over a 24- month period is the highest in South Africa and India.
The loss from data breach entails several aspects that can severely impact the functioning of the company. Often in cases of a security breach, the response time too becomes critical. According to data, the difference between the average cost incurred in cases where the breach was detected in time periods of under 100 days compared to the cases where the quarantine period extends 100 days is over a million dollars.
Here’s what HR needs to know:
1. Create awareness on data security
This entails understanding what the security protocols are, how to develop and use strong passwords and what to do if employees suspect trouble or have misplaced a device that they also use for business. This helps make employees more responsible towards the data they have access to and adapt to newer risks as the technological landscape changes.
2. Be proactive – leverage information from risk assessments and audits
An essential fact of preventing data breaches is to be proactive. Human errors are common and it often becomes a problem if the company’s cybersecurity strategy is reactive one rather than being proactive.
Risk assessments and audits conducted at regular breaks help identify possible loopholes - within the software as well as the employees handling it. Understanding what makes the cybersecurity system vulnerable becomes essential towards mitigating future risks. It is also helpful to know that such assessments aren’t a one-off effort. Security skill management is an ongoing effort.
3. Training is essential to manage data security threats
As companies expand, more employees become part of IT architecture and human errors are a significant cause of data breaches. HR departments play a critical role in helping manage and train this fast-changing workforce – especially when it comes to data security.
In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. HR departments need to have the capabilities to support their company’s need for a trained workforce, even in fields which traditionally might have fallen within the domain of engineers and programmers.
4. Complex IT architectures constrain the organization’s ability to respond
Although a certain level of complexity within a company’s IT architecture is expected and in such cases, the threats facing organizations can be easily dealt with, too much complexity can impact the organizations' ability to respond to data breaches. Increasing usage of cloud-based applications and data sharing, as well as the use of mobile devices (including using various mobile apps), have made the chances of data breaches significantly higher dealing, with IT security often being unable to monitor a growing workforce.
According to a report by Pluralsight, its’ also necessary to define security standards early on and ensure there is a system of accountability based on such standards. Training often has limited results when there isn’t an accountability system in place that helps employees to match the organizations' security needs.
The changing nature of work hasn’t just impacted the way business employ newer technologies to provide better products and services but has also evolved how the internal departments of the organization work together. When it comes to the threat of security breaches, HR departments need to function cohesively with the IT function of the organization to create a workforce which is capable of minimizing and mitigating the chances of a security breach.