2020-08-26 HR Examiner article Sam Bocetta Human Side of Cybersecurity Coronavirus Pandemic photo img AdobeStock 207793837 544x319px.jpg

“Technical tools and threat detection systems are an important part of any cybersecurity framework, of course. But they are arguably the least important part of them. Companies can have the best technical foundations possible, and still have their security undermined by poorly educated staff members.” - Sam Bocetta

 

The Outbreak Of Covid-19 Brought A Renewed Focus On Cybersecurity

 

One of the major themes of the responses to the Coronavirus outbreak in many organizations has been a renewed focus on cybersecurity. In the wake of many employees being required to work from home, the adoption of security tools and systems has been greatly accelerated in the last few weeks. 

 

Technical tools and threat detection systems are an important part of any cybersecurity framework, of course. But they are arguably the least important part of them. Companies can have the best technical foundations possible, and still have their security undermined by poorly educated staff members.

 

Most organizations are aware of this. Just over half of businesses (52%) believe they are at risk from within, according to research by Kasperksy. Yet fewer know how to improve the human component of their security systems. In this guide, we’ll show you how. 

 

Security Literacy

 

The first and most important aspect of ensuring that employees don’t undermine security processes is to ensure that each and every staff member has a good level of security literacy. This should include the importance of using strong, unique passwords for every system; a thorough grounding in how to use biometric authentication hardware; and the correct way to store and send data.

 

Achieving security literacy is not so much an event as a process. In order to improve the security of the way in which the average employee works, they will need to receive regular updates and refresher courses, and perhaps even monetary incentives for staying engaged with cybersecurity training and processes.

 

Remote Working

 

Security tools that claim to protect remote workers have seen a huge spike in demand over the past few months, but the truth is that these are almost useless unless they are properly utilized. Ensuring security whilst working at home is one of the most complex aspects of network hardening and protection, and employees will need extra training in order to ensure that they keep themselves, and their organizations, safe.

2020-05-04-HR-Examiner-photo-img-Sam-Bocetta-EAB-400x400px-vhq.jpg

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphasis on technology trends in cyberwarfare, cyberdefense, and cryptography.

 

This training should give staff members access to detailed resources for remote workers but also contain instruction on the proper use of VPNs (see below), and the ways in which staff members can improve the security of the home WiFi networks they will be sending sensitive data through.

 

Balancing Fear and Knowledge

 

Improving staff members’ knowledge of security is undoubtedly important, but when delivering this training there is a fine balance to be struck between highlighting cybersecurity risks and not making employees so scared that they are unable to contribute effectively to their teams.

 

One area in which this issue is particularly acute is when it comes to securing your internal communications.

 

Most companies – rightly – will point out that employees should not share sensitive data outside of company-approved channels, and the best will provide their staff with VPN services even when using these systems.

 

Unfortunately, an over-eager emphasis on the risks of data interception can prevent staff members from openly sharing their thoughts, reducing communication, and with it, productivity as well.

 

The Role of HR

 

HR departments have a huge role to play in ensuring that employees use IT systems effectively. This role can be broken down into (at least) two distinct elements: training, and hiring.

 

When it comes to training, HR departments should ensure that they keep detailed records on the level of cybersecurity training that individual employees receive, and how frequently they have completed such courses. Close collaboration with training departments can then be informed by a needs-based assessment of the level of knowledge of staff members.

 

This process should start at the earliest stage possible, and for most employees that means when they are hired. During the recruitment process, HR departments should assess the level of security knowledge of potential staff members. This kind of soft-skills assessment is one of the primary uses of deploying AI in HR, and can greatly contribute to an organizations’ overall security resilience.

 

The Bottom Line

 

Although training staff to work in secure ways is primarily important when it comes to improving cybersecurity, it also has other benefits, and not least on the profitability of your organization. It is less expensive – or at least more valuable – to train staff to use the tools they have securely, rather than investing in pricey threat intelligence tools.

 

Ultimately, the security of a system is only as good as the least informed employee, so make sure that the humans you manage are as security-focused as the systems they use.