4 Ways HR Can Help Build a Cyber-Secure Culture

As this year’s National Cyber Security Awareness month draws to a close, and while you finish cleaning up all the mess from your cyber party celebrations, we wanted to help you answer one question: How can HR buddy up with IT to foster a “security culture” in the workplace?

Turns out, there’s a bunch for HR to think about when it comes to securing workplace technology, and it goes farther than just onboarding employees with the right tech. We sat down with Daniel Leslie, Director of Information Security & Technology at Namely, to tell us what human resources professionals should keep top of mind when it comes to keeping employees safe, secure, and happy.

1. Have new hires meet with IT for an hour during onboarding—not just to guide them through new software, but for security awareness training.

A crop of new hires means a crop of new technology for IT to secure, but there’s more to cyber security than just encrypting a hard drive. “IT should know what systems new hires are going to use, then configure them and harden them. But then, they should meet with new hires for an hour of training.”

Be sure to set aside that time during your onboarding schedule for new employees to get the skinny on best practices such as setting effective passwords, how to browse and download files safely from the web, and—most importantly—hear all the details on company Wi-Fi. “Then, they’ll have a strong baseline to understand what the risks are, how to interact with social media, how to interact with two-factor identification [that is, securing accounts with your mobile device in addition to a password].” That way, security awareness is weaved into the fabric of your company from every new hire’s first day.

2. Collaborate with IT to create a BYOD wireless network.

Bring Your Own Device (BYOD) is almost an industry standard now—it’s one part of a flexible workplace that allows for employees to use the tools that work for them and their jobs. As an HR professional, BYOD helps to make your culture an easy-going one. Plus, it’s a nice work-life balance add-on.

“It’s something you’ll see across the industry,” Leslie said about BYOD. So, provide employees a separate secure Wi-Fi network with “BYOD” in the title so they’ll have internet access for their personal devices. “It’s totally separate from everything else,” Leslie said, and it won’t slow down the bandwidth you need for everyone’s in-office devices. Employees can then work however they work best.

3. Help IT get buy-in from employees.

Cyber security awareness does little good if employees don’t actually believe in or act on the strategies that IT presents to them. “It’s an awareness issue—it boils back down to keeping people aware of simple things like updating their browsers. It’s training, awareness, and an understanding of why it’s relevant to them.” That’s when employees reach a “psychological acceptance” of best practices—when they form the habits that can keep company data safe.

If IT needs some help nudging employees when passwords are ready for a change or software needs an update, HR can help spread the good word over email or the company feed. When the buy-in starts with HR, responsibility can seep into the whole org.

4. Be sure employees understand security awareness isn’t only for the company—it’s for them.

The mission of cyber security is bigger than your own company: It extends to the personal lives of employees. That’s one point that can certainly lead to “psychological acceptance.” “It’s about you as an individual in the information era knowing what the risks are,” Leslie says. “Not only are you a better person for the company, but you’re a better person for yourself, for your family, and for future companies you might work for.”

The company inherits all of those personal improvements. A ton of the insight from IT falls under an “always good to know” umbrella. When employees learn how to secure their personal accounts—and your company keeps important data safe—everyone can tread the waters of the cybersphere with a little more knowledge at the helm.

Interested in further resources on how to keep your company cyberly secure? Check out the SANS Institute for free resources, awareness programs, and more. NIST’s Newly Published Technical Guide also offers some excellent how-to guides and plenty of tips for making sure your org is up to speed on best security practices.