Why HR is critical in cybersecurity

A global cyber-security association says employers should have a six-phase model approach in crafting a response plan.

Cybersecurity is no longer just an IT concern because of how pervasive the use of technology has become in practically all office functions, making the whole organisation vulnerable to attacks.
 
“It’s an ‘enterprise and organisational’ concern,” said Christos Dimitriadis, chair of board of directors at ISACA, a global IT and cybersecurity association.
 
“A key part of having great cybersecurity teams is identifying quality cybersecurity professionals, hiring them, and providing the professional development tools to ensure that your cybersecurity team is always operating at the highest levels—and those are all efforts that HR plays a vitally important role in,” he added.
 
HR is particularly attractive to hackers because it is a repository of personal identification information, he said.
 
“Ensuring that an organisation has the strongest cybersecurity possible – to protect both internal information, and information acquired from customers, vendors, and other resources – is in the best interest of both HR and the organisation it serves.”

Crafting a cyber response plan

A cyber response plan, also called an incident response plan (IRP), is what keeps the business running in the event of a cyberattack, and Shannon Donahue, ISACA director of information security practice, said that every organisation should have one.
 
She said that there is a six-phase model that companies commonly use:
 
  • Preparation – This phase prepares an organisation to develop an IRP prior to an incident. Sufficient preparation facilitates smooth execution.
  • Identification – This phase aims to verify whether an incident has happened and to find out more details about the incident.
  • Containment – At this stage, the incident management team (IMT) is activated and information from the incident handler is shared. The team will conduct a detailed assessment and contact the system owner or business manager of the affected information systems/assets to coordinate further action … to limit the exposure.
  • Eradication – This can be done in a number of ways: restoring backups to achieve a clean state of the system, removing the root cause, improving defences and performing vulnerability analysis to find further potential damage from the same root cause.
  • Recovery – This phase ensures that affected systems or services are restored to a condition specified in the service delivery objectives (SDO) or business continuity plan (BCP). The time constraint up to this phase is documented in the recovery time objective (RTO).
  • Lessons learned – At the end of the incident response process, a report should always be developed to share what has happened, what measures were taken and the results after the plan was executed. Part of the report should contain lessons learned that give the IMT and other stakeholders valuable learning points on what could have been done better. These lessons should be developed into a plan to enhance the incident management capability and the documentation of the IRP.
 
Furthermore, Donahue advised that HR should be part of the security process, ensuring that each employee receives the right level of access, cybersecurity awareness training, and proper onboarding and offboarding security practices.
 
“Every time an enterprise loses an employee, they lose data and ensuring this is minimised is a critical role for HR that is often overlooked,” she said.

“HR is a strong influencer of corporate culture and creating a cybersecurity culture with the help of the security department is vital,” added Dimitriadis. 
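The offboarding and access-level points Donahue raises are usually enforced by reconciling the HR roster against the identity directory. The following is an added example, not code from the article or from ISACA: it compares a constructed HR roster (with termination dates) against a constructed directory export and flags accounts that are still enabled after a leaver's grace period, accounts with no HR record at all, and accounts holding entitlements beyond their role's baseline. The field names, the role-to-entitlement table and the sample users are all assumptions made for the example.

```python
"""
Added example (not from the article or ISACA): a joiner/leaver reconciliation
check of the kind a joint HR/security offboarding process relies on.
All field names, roles, entitlements and sample users are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, FrozenSet, List, Tuple

# Assumed role baseline: the maximum set of entitlements each role may hold.
ROLE_BASELINE = {
    "hr_analyst": {"hris_read", "email"},
    "hr_manager": {"hris_read", "hris_write", "email"},
    "engineer": {"email", "vcs", "ci"},
}


@dataclass(frozen=True)
class HrRecord:
    user: str
    role: str
    terminated: Optional[date]  # None means still employed


@dataclass(frozen=True)
class DirectoryAccount:
    user: str
    enabled: bool
    entitlements: FrozenSet[str]


def reconcile(hr: List[HrRecord], directory: List[DirectoryAccount],
              today: date, grace_days: int = 0) -> List[Tuple[str, str]]:
    """Return sorted (user, finding) pairs for enabled accounts that need attention.

    stale_account       - HR marks the user terminated, grace period has passed,
                          but the directory account is still enabled
    orphan_account      - enabled account with no HR record at all
    excess_entitlement  - account holds entitlements outside its role baseline
    """
    hr_by_user = {r.user: r for r in hr}
    findings: List[Tuple[str, str]] = []
    for acct in directory:
        if not acct.enabled:
            continue  # already disabled: nothing to do
        rec = hr_by_user.get(acct.user)
        if rec is None:
            findings.append((acct.user, "orphan_account"))
            continue
        if rec.terminated is not None and rec.terminated + timedelta(days=grace_days) < today:
            findings.append((acct.user, "stale_account"))
        extra = set(acct.entitlements) - ROLE_BASELINE.get(rec.role, set())
        if extra:
            findings.append((acct.user, "excess_entitlement:" + ",".join(sorted(extra))))
    return sorted(findings)


# Constructed sample data for the example.
SAMPLE_HR = [
    HrRecord("alice", "hr_manager", None),
    HrRecord("bob", "engineer", date(2024, 1, 10)),   # left in January
    HrRecord("carol", "hr_analyst", None),
]
SAMPLE_DIRECTORY = [
    DirectoryAccount("alice", True, frozenset({"hris_read", "hris_write", "email"})),
    DirectoryAccount("bob", True, frozenset({"email", "vcs", "ci"})),                    # leaver, still enabled
    DirectoryAccount("carol", True, frozenset({"hris_read", "hris_write", "email"})),    # write access beyond analyst baseline
    DirectoryAccount("svc-legacy", True, frozenset({"ci"})),                             # nobody in HR owns this
    DirectoryAccount("dave", False, frozenset({"email"})),                               # disabled, ignored
]


def run_sample(grace_days: int = 3) -> List[Tuple[str, str]]:
    """Run the reconciliation over the constructed sample as of 2024-02-01."""
    return reconcile(SAMPLE_HR, SAMPLE_DIRECTORY, date(2024, 2, 1), grace_days=grace_days)


if __name__ == "__main__":
    for user, finding in run_sample():
        print(f"{user}: {finding}")
```

The grace period is the knob HR and security agree on: too short and every leaver trips the check before IT has acted, too long and the window Donahue describes (data walking out with departing staff) stays open. Running the report on a schedule and routing stale and orphan findings to the account owner is the minimal control; the excess-entitlement finding is the "right level of access" check applied to current staff as well as leavers.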
