Create cyber defenders with the right HR tools

If hackers take over the company’s network, the company is down. HR can play a significant role in promoting Internet security in the organization. For example, it is very important to include IT security behavior in HR tools such as appraisal interviews, but also in staff recruitment. HR can promote cyber security by following 5 tips.

Unfortunately, many cyber incidents are the result of human error, such as an employee falling for a phishing email. This happens, for example, if a hacker pretends to be the company’s IT expert. If he/she succeeds in gaining the employee’s trust, the employee may simply hand over login information. This happened recently with the taxi app Uber.

Most companies are now so dependent on the Internet and IT that they are completely paralyzed if they are hacked. Therefore, it is important to continuously educate staff with training in security awareness, advises the IT security company Mimecast.

Including cyber training in personnel policy
To get the most out of security training, it needs to be embedded in the organization. But according to Mimecast’s Duane Nicol, it’s not always clear to employees why cybersecurity is so important.

“Good communication therefore plays a key role,” says Nicol. “This creates a culture where people not only know not to just click on links, but also why not. And where they feel safe and confident enough to report suspicious emails and errors.”
According to Nicol, it is therefore crucial that organizations integrate security awareness training into their personnel policy. He gives some concrete advice:


1. Reward and evaluate cyber-safe behavior

Be careful with punishments, but especially reward employees if they do well in security awareness. Give out incentives for regularly reporting suspicious emails to the IT department or for enthusiastic participation in the training program. In addition, make cyber-secure behavior a regular part of evaluation and assessment interviews.

Encourage reporting of mistakes in an open culture

Even a well-trained employee can make mistakes and accidentally click on a rogue link. The sooner the IT department is aware of this, the greater the chance that the damage can be limited. Therefore, build an open organizational culture where people are not afraid to report mistakes, but are even thanked for it. Reporting a mistake should be as normal as getting coffee.

2. Mention security awareness as a requirement in vacant positions

Emphasize in vacancies that security awareness is part of the position and that the organization takes this very seriously. This means that the employee must undergo security awareness training to use the company’s systems. This is not just a requirement at work, but also useful for the potential new employee’s private situation. Emphasize that the courses are offered free of charge by the employer. This can also make the employer more attractive in the eyes of the candidates.

3. Communicate the goal and test results

Security is teamwork. You can let new employees participate in the training program from the start, but it is also important to get your current staff on board. Explain that the organization is vulnerable and that you need everyone to prevent cyber incidents. Share the results achieved with employees often and in a positive way, for example a decrease in the number of dangerous clicks or an increase in the number of reported phishing emails. This makes people feel involved and responsible without pressure or coercion.

4. Keep an eye on your language in continuous learning

Although users are the weakest link in security, that is not always nice to hear. With subtle adjustments in the language, you can ensure that security awareness lands better in the organization.
For example, don’t call the employees who follow the training ‘end users’, but ‘cyber defenders’. This is how you emphasize that cyber-safe behavior is a continuous learning process and that it must be part of your DNA. Things can go wrong once in a while, as long as you report the mistake and learn from it so you can better protect yourself and your business.

5. Co-responsible for security

Training is important, but you will achieve the best results if every employee understands the importance of security awareness. With the right personnel policy and training program, you make sure everyone feels responsible for this. In this way, you increase your organization’s cyber resilience.
