How Employee Comms and HR Can Boost the Cybersecurity of their Organizations

Cybercrime is a threat to all companies these days, regardless of size, but in addition to increased investment in security software, HR and IC departments can have a real impact on helping cybersecurity.

With attacks regularly hitting four in ten (39%) businesses, putting revenue, intellectual assets, data, reputation, and business continuity at risk, as well as increasing the prospect of regulatory (GDPR) financial penalties, it’s no wonder that over three-quarters (77%) of businesses say cyber security is a high priority.

Recently, Gartner predicted that by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

The convergence of remote working and ever-increasing cyber risk has many executives worried with 96% now see data security as a threat. Two in five are concerned about employees’ lax data security mindset when working from home, putting this on par with their concerns about external breaches.

So the question is: How can Internal Communication and Human Resources play their part and help their organizations in the fight against cyber crime?

Given their vital roles in the leadership arena, organizational culture, and governance of policies and communication channels, as well as having direct, respected, and frequent connections to all employees, IC and HR, are perfectly placed to support and amplify the battle against cyber security.

Here Are Six Ways IC and HR Can Boost Cyber Security Efforts:

#1. Understand the Fundamentals

Firstly, HR and IC need to get cyber security savvy.  A basic understanding of the fundamentals of safety, security, and privacy is needed to be effective in supporting cyber security measures across an enterprise.

It’s as much about protecting an organization as it is about empowering each employee to make the workplace a safe and secure environment.

Getting comfortable with the basics of security and privacy should include understanding and getting trained in the required cyber-safety behaviors and best practices. 

Without this knowledge, IC and HR are in no fit place to support the organization, align their own strategies, policies, and efforts effectively, or act from a place of credibility.  They have to walk the talk, so to speak.

#2. Work in Partnership

Cyber security is most definitely an initiative that requires aligning and working collaboratively across an organization. 

FWI | Poppulo has seen a big increase in cyber security communication by its global customers, particularly in recent months, and the platform is particularly suited to business continuity comms through IT in addition to organizational comms through Internal Comms.

Working in partnership with IT, cyber security teams, leadership and crisis management teams, IC and HR may wish to evaluate how the organization is positioned and how they can play their part in the following areas:

• Protecting company data regardless of whether employees work remotely, in the field, or within company offices or buildings
• Defining and updating roles and responsibilities regarding access to data, data systems, and communication channels throughout the entire employee lifecycle
• Adhering to legal regulations and complying with industry norms
• Maintaining well-documented policies, standards, and best practices
• Ensuring that your acceptable-use policy for access to the organizational network is comprehensive and clearly written

#3. Educate Employees on Cyber Security

Almost all (96%) of executives say the greatest threat to their organization’s cybersecurity is employees’ failure to comply with data security rules, not hackers or vendors. 

The most common security breaches by far (83%) are phishing attacks targeted at employees.  It, therefore, makes employee cyber security training a key priority and a continuous process to ensure employees recognize cybersecurity as a required business practice and stick to the company's best practices.

With many employees moving to hybrid or home-working, organizations have adapted quickly to enable changes in their digital infrastructure but, in doing so, further, new cyber security challenges and threats have emerged.

This makes training and policy compliance even more critical, given that work-from-home cybersecurity protocols and practices may not be as robust as normal office conditions.

HR and IC, through new-hire training, security awareness testing and training, and regular business communications reiterating cyber security is everyone’s responsibility, can keenly and adeptly play their part.

Training and communications should include:

• guidance for recognizing, preventing, and handling common scenarios and threats, such as phishing and password security
• Building good cyber security hygiene into their daily tasks
• Understanding the impact and consequences of cyber attacks, data breaches, and personal non-compliance to company cyber security procedures
• Testing staff, such as through mock phishing exercises
• How to handle the organization’s digital transformation and implementation of new technology
• Best practices for use of devices including bring-your-own-device and remote access
• Business continuity, incident response and recovery.

#4. Promote a Cybersecurity Culture

In addition to training, to lessen and mitigate the risk of cyber-attacks and data breaches, a cyber security culture needs to be formed and embedded from the leadership down, across an organization, from the office to factory floor to remote-working environments, from new starter through to leaver.

It must become part of an organization’s DNA.

HR connects with all employees at touchpoints throughout their entire employment lifecycle.  IC connects with all employees through everyday business-as-usual communications, events, and interactions. 

Together, they are critically placed to enable, role-model, and support a best practice cyber security culture, through policies, practices, channels, and communications that ensure everyone knows and honors their individual responsibility for protecting the organization and their colleagues.

# 5. Enable a Speak-Up Culture

Employee awareness of company cyber security expectations, and personal ramifications if they’re not adhered to, is absolutely vital in the fight against security breaches. 

However, it is also vital that they feel comfortable in reporting suspicious security matters.  A safe, confidential process to report suspicious behavior, particularly as it could likely include co-workers or management, is paramount. 

Furthermore, employees should be encouraged to share their concerns while ensuring there is no punishment for any false alarm.

#6. Keep Workers Engaged and Vigilant

It goes without saying (almost!) that any cyber security communication efforts need to remain relevant, engaging, fresh, and informative so that everyone understands they are personally responsible for cyber security and remain vigilant at all times. 

The consequences of smart phishing emails and data breaches are only around the corner when procedures become lax; busy working lives get in the way, complacency sets in, or attention levels drop. 

Innovative communications will help drive consistency and vigilance in the business-as-usual landscape.