Is your HR team a threat to IT security?

One study claims that HR professionals are a threat to their own companies due to a ‘latency for mistakes’

HR departments – and the people inside them – have come second only to finance in a list of departments posing the biggest IT security threats.
 
Research released by UK-based tech firm Clearswift shows 42% of global security professionals name HR as the biggest IT security threat to business.
 
This reputation for risk was trumped only by finance, which 48% of the 500 security professionals surveyed thought was the biggest risk.
 
For UK respondents, the HR team actually represented the biggest risk for 48% of professionals surveyed, with finance only considered more risky by 42%.
 
The research said HR’s bad name stemmed from the ‘latency for mistakes’ by employees within the department, such as sending confidential details to the wrong people, inadvertently installing malware on computers, or of employees and contractors within deliberately stealing valuable data.
 
HR was also higher on the list due to ‘cultural factors’, Clearswift claims. For example, legal and compliance were considered much lower risk.
 
The biggest potential enemies within were middle managers, who were rated by 37% of security professionals as the higher risk for IT security.
 
“Middle aged, middle managers are ‘in between’ – having access to the data, but no obvious stake in the consequences of losing it,” the report stated.
 
“They are also more likely to be under time and financial pressure, and so may be more inclined to take risks. This puts them in a position, liable to make mistakes or even succumb to foul play,” it said.
 
Senior managers in contrast were rated as highest risk by only 19% of respondents, with executives and admin coming in even lower at 12%.
 
An overwhelming 79% said men were more of a worry than women, with researchers suggesting this was due to women’s more ‘cautious’ nature.
 
Also, remote workers were much less of a risk than those working inside the office, with 67% naming office workers as the highest IT security risk.
 
“Despite the perceived security worries about people working out of the office on whatever devices they want, those in the office actually have easier access to sensitive data, so are more likely to lose it,” the report states.
 
Related stories:
 
Poor HR policies encouraging major security risks
 
What exactly is causing the data breaches at your company?
 
Cyber-crime: what you need to know