In an era where digital threats loom large, the role of HR professionals extends beyond traditional boundaries to encompass cybersecurity. Human Resources can no longer be viewed as a back-office function; their involvement can significantly mitigate risks. Small enterprises, often perceived as less attractive targets, are increasingly under siege from cybercriminals.
- Securing the HR supply chain is critical, as threat actors exploit vulnerabilities here to launch attacks.
- Remote working arrangements present new cybersecurity challenges, requiring updated policies and vigilance.
- Social media policy enforcement is essential to prevent misuse and potential security breaches.
- Comprehensive training for employees is vital in maintaining robust cybersecurity defences.
Securing the supply chain has become a priority for businesses in the fight against cyber threats. HR professionals play a crucial role in managing relationships with suppliers and can influence the adoption of security measures such as two-factor authentication and passwordless systems. Debra Cairns, Managing Director at Net-Defence, stressed the evolving nature of this risk, noting that it has transitioned from an emerging concern to a current threat.
Remote working, now a staple for many businesses, introduces unique risks. From the dangers of public Wi-Fi to potential eavesdropping during calls, these vulnerabilities require stringent remote work policies. Martin Wilson from NEBRC highlighted theoretical risks from emerging technologies, like AI capable of deciphering keystrokes, illustrating the need for employee caution.
The enforcement of social media policies is vital as platforms become a playground for cyber malefactors. Threats range from phishing to impersonation scams, which have grown more sophisticated with AI advancements. Martin Hart of CyberShelter pointed out that these capabilities allow cybercriminals to craft almost undetectable phishing attacks, emphasising the need for thorough internal verification processes.
Training employees remains a cornerstone of cybersecurity strategy. The collaboration between HR, IT, and management in developing robust onboarding and continuous training programmes is essential. John Hay from Net-Defence underscored the necessity of keeping staff engaged and informed, given the ever-evolving threat landscape. His remarks serve as a reminder that human error remains a significant vulnerability in cybersecurity.
The importance of prompt response and reporting cannot be overstated. In the event of a breach, quick action and transparent communication both internally and with law enforcement are key. Rebecca Chapman of NEBRC emphasised the critical role HR can play in ensuring incidents are reported, which feeds into broader intelligence gathering efforts crucial for combating cybercrime.
The evolving role of HR in cyber security demonstrates the necessity of a holistic approach to safeguarding businesses and their data.
