In recent months, the drumbeat of news reports about large corporate data breaches has created a new national discussion about cybersecurity. Sophisticated hackers and cyber-thieves are not just hunting "big game" but are also targeting small and medium-sized entities that have not taken adequate steps to protect their data. These smaller breaches may not make the front page or trend on Twitter, but they can be deadly to smaller enterprises.
The HR department at any entity, big or small, must help establish a shared culture of cybersecurity. For HR, this effort means (1) implementing comprehensive policies and procedures tailored to the data the company maintains, (2) educating employees that protecting company and customer data is everyone's responsibility--not just the job of the IT department, and (3) creating evaluation tools to measure how employees perform on issues related to cybersecurity.
TIP: As an HR professional, promote data security policies, educate employees about protecting sensitive data, and evaluate how employees perform related to security measures.
Every day, employees face choices that can expose a company to a data breach, notification requirements, fines, penalties, lawsuits, negative publicity, and more. Do your employees understand the importance of this issue? Has the Company determined (and are employees aware of) what data it has, where that data is stored, who has access to it, and how it might be accidentally disclosed? Does the Company have policies and procedures for the protection of confidential information and company systems? Have employees been properly trained on this issue?
HR should insist on including data security training during orientation. Targeted training should occur within separate business units. Helpful tips and reminders regarding cybersecurity should appear in company newsletters and e-mail alerts. Regular self-audits to check on compliance will serve an additional training function. And, knowing that behavior follows what is measured, periodic employee evaluations and performance reviews should include criteria related to data security.
Cybersecurity is not simply an IT issue; it is a matter of company culture and reinforced behavior, right down the middle of HR alley.