The Impact of Cyber Security and Social Media on the Global HR Community
Mike Loginov, Ascot Barclay, 27 June 2013
As the internet increases global trading opportunities for business, so it also leaves the door wide open for cyber criminals to exploit the systems of organisations across the world. That includes yours. If you’ve been following the story of Bradley Manning – who passed US classified material to Wikileaks – and thinking that data leaks are a government problem, you’re very wrong.
Do you remember the case of the broker who incurred millions of pounds of losses for his investment bank employer by making unauthorised trades? You may have filed it in the ‘That’s the banks for you’ folder in your brain but it’s a perfect example of the dangers that lurk within the organisation. In other words, the employees.
The big problem is that cyber crime just isn’t being discussed enough within or outside the HR community. We Googled ‘top commercial challenges for global organisations’ and nothing on page one of the results so much as mentioned cyber crime. They covered sustainability, regulation, emerging technologies, economic recovery and pricing pressures, but nothing on data security. With such poor coverage, it’s no wonder that the subject isn’t on the HR radar.
There’s definitely a disconnect between cyber crime’s prominence and its prevalence. According to a report by the ACCA, cyber crime is now one of the top four global economic crimes. Its survey revealed that almost as many organisations were a victim of cyber crime in the previous year as accounting fraud and bribery or corruption.
Why HR Matters
So why should the global HR community sit up and take note? In the past, HR and legal departments were seen as fairly low risk but it’s clear that they contain a lot of confidential information that is a treasure trove to cyber criminals. Just consider the issue of indentify theft alone; those electronic records contain everything that a criminal needs to steal the identity of your employees. And just think what that would do to the organisation’s reputation.
As we mentioned above, the threat cuts both ways. Criminals from outside the organisation can use the weaknesses in your systems and the people who use them to their advantage. And staff within the organisation are capable of misusing confidential data. The common denominator is the employee, which makes cyber crime a high priority within the HR strategy.
On top of this, there’s the issue of social media. Businesses of all shapes and sizes use sites like Facebook, YouTube and Twitter to market their brand. With these online communications channels available 24 hours a day, social media represents an easy way for cyber criminals to access your information systems. So, while you may not have thought that the Marketing function needed much training in cyber crime, it’s clear that they need to be alert to the most common security dangers within internet marketing.
Employees should be regarded as high value assets and potential liabilities. Unless staff understand their responsibilities regarding the storage and use of confidential information, they will remain a risk to the organisation’s reputation. It’s also important that HR understands the interdependencies across the organisation and closes the gaps between functions and countries.
What the Global HR Community Needs to Do
To combat the dangers of cyber crime, HR professionals should undertake the following actions:
- Develop ‘situational awareness’ of cyber crime threats in the locations in which your organisation operates and where confidential data is stored. A cyber security cultural audit will tell you what the current levels of knowledge of cyber crime are.
- From this information, a training programme can be devised and delivered, focusing on the greatest areas of risk. Even if some staff have low access levels to company information, they should be made aware of problems and dangers that can exist. For those who have major information management responsibilities, consider investing in a Cyber Security Awareness Certification Programme for IT Professionals.
- Ensure that cyber crime is placed firmly within the organisation’s risk identification protocols. While the CEO needs to lead on this, it’s essential that HR is able to work with IT to deploy personnel to manage any incidents that do occur. Furthermore, these actions must be consistent and efficient, regardless of where the problem originated.
- Launch an induction programme that includes cyber crime awareness at the appropriate level. Only HR has the information to discern roles and their relevant user access so it’s their responsibility to lead the way.
- Give staff clear instructions on the use of portable equipment such as laptops, tablets and smartphones and include the types of behaviour that will result in disciplinary action.
- Above all, ensure that these actions are carried out at all the organisation’s offices and locations, no matter whether you work in a regional business or a global business that operates on different continents.
— Mike will be running a non-technical workshop specifically designed for HR professionals, to address all these areas, as part of a larger HR summit in London.
Cyber Security: The Essential Role of HR, 24 September, London
Part of HR Change & Transformation 2013