Security: The critical role of HR
When hiring, onboarding, and enforcing data privacy policies, HR departments must ensure security is at the forefront of their minds. Get advice about the best ways to do this.
By Isabella Harford, TechTarget
Erdal Ozkaya, author of Cybersecurity Leadership Demystified, stated that “A company culture can be defined by HR because they are responsible for hiring people.”
He said that HR has the same impact on a company’s security culture as CISOs and security teams. While security teams and CISOs are responsible for creating security policies for the company, HR is ultimately responsible for enforcing them throughout the organization.
HR has two main cybersecurity responsibilities. It is responsible for ensuring that every employee, no matter their role or department, poses a low risk to the organization’s cybersecurity posture. This includes conducting due diligence and ensuring that employees receive the proper security training at onboarding. HR is also required to protect the personal data of employees.
“Who has access to your address, mobile or house phone number, banking details, and Social Security number?” Ozkaya asked. “HR.”
Ozkaya included a chapter on cybersecurity for HR professionals in his book. This chapter focuses on the critical role they play when it comes to data privacy, preventing negligence, and protecting against insider threats.
This excerpt from Chapter 4 provides guidance to HR teams on how they can fulfill their cybersecurity responsibilities. It includes tips on hiring practices and procedures and on creating provisions for third parties. Ozkaya also offers advice on cybersecurity best practices such as multifactor authentication and secure internet access.
Personnel security includes the management of the employment life cycle. These are some of the procedures that must be managed in order to ensure personnel security:
Vendors and contractors — procedures
Physical security procedures should not only be for employees. They should also include provisions for third parties who visit the organization’s facilities. Vendors, contractors, and consultants are all examples of third parties that may be included in these procedures. These are some of the procedures that should be followed when they visit organizational facilities:
This section has provided a list of procedures to be used when vendors, consultants, and contractors visit an organization. The next section addresses hiring practices and how they can contribute to tightening security.
Employers should be strict
An effective way to keep internal systems safe is to have background checks done on all new employees. An attacker could pose as an employee to gain entry to a system from within. Therefore, it is important to invest time and resources in background checks to help businesses protect their systems. Background checks can be costly and organizations may not have the resources or time to conduct them effectively.
Professional security firms can perform background checks that reveal more information than the HR department can. Background checks can be done on employees as well as business partners and vendors. Background checks are necessary to ensure that an organization is able to trust business partners and vendors before engaging them in outsourcing work.
Using strong authentication mechanisms
Passwords can be cracked. It is now easier to crack passwords with the availability of more hardware and software. Employees should be aware of their rights.