Of the many ways to teach employees better practices for safeguarding company IT networks and computers, the "cupcake caper" may be the most memorable we’ve heard.
Scolding employees for carelessness about cyber-security is unlikely to be effective, said Katherine Jones, director of talent research in the intellectual capital group at consultancy Mercer. Instead, she suggested getting creative.
For instance, if an employee leaves a laptop open, unlocked, and unguarded, why not demonstrate in a fun way how that might come back to bite the employee in the backside? Jones said you could make the lesson hit home by going on the employee’s laptop and sending out a mass email offering to bring cupcakes for the entire office the next day.
Human resources departments may not think they’re on the front lines of cyber-security, but they have to assume some responsibility for their organizations’ defense against mounting threats, according to Jones.
One important role for HR is "to create a culture where it is safe to raise a concern" about the possible consequences of unintended carelessness for cyber-security, without fear of reprisal, she said.
She also said HR can take the lead in training employees on dealing safely with "phishing" emails and taking other basic precautions, such as keeping a "clean desk" without passwords written on sticky notes and investing in computer privacy screens.
Moreover, HR has a unique vantage point to sense in advance where internal threats might come from. "Nobody knows more than HR about things that are going to cause anguish and angst, like an impending layoff, or mergers and acquisitions," Jones said. "People who act maliciously under these circumstances have usually done so before. HR can have managers monitor such people."
Culture of Security
"Creating a culture of security is the key thing, where employees feel engaged and accountable," said Grant Bourzikas, chief information security officer at well-known antivirus software firm McAfee. "Tie it back to their job. A lot of it is collaboration—we partner on a lot of education on the basic security hygiene employees should exhibit, such as 'phishing' tests."
There are "hundreds of 'handling errors' that occur across large companies," according to Robert Bleimeister, who is currently program director at the Conference Board and formerly worked at insurance giant AIG as vice president of HR Global Operations, and at PwC and IBM as HR transformation and technology partner.
He said employers should take steps to curtail risks posed by employees' personally owned devices, including peripherals that they might connect to employer-provided equipment. For example, company-owned laptops should be configured so that they do not read flash drives plugged into them at all.
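One way to apply and audit that "laptop ignores flash drives" control on a Windows endpoint, as an added example that is not from the article or from any of the people quoted in it: it disables the USB mass-storage driver service (USBSTOR) and reads the setting back to confirm. It assumes an elevated PowerShell session on the laptop itself; the function names are the example's own.

```powershell
# Added example (not from the article): block flash drives on a Windows laptop by
# disabling the USB mass-storage driver service. Start = 4 means "disabled";
# the default 3 ("manual") loads the driver whenever a storage device is plugged in.
# Requires an elevated PowerShell session.

$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Test-UsbStorageBlocked {
    # Returns $true when the USB mass-storage driver is disabled (Start = 4).
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction Stop).Start
    return ($start -eq 4)
}

function Disable-UsbStorage {
    # Disable the driver. Newly inserted flash drives will no longer mount;
    # a drive that is already mounted stays until it is removed.
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
}

if (Test-UsbStorageBlocked) {
    Write-Output 'COMPLIANT: USB mass storage is disabled.'
} else {
    Write-Output 'NON-COMPLIANT: USB mass storage is enabled; disabling now.'
    Disable-UsbStorage
    if (-not (Test-UsbStorageBlocked)) { throw 'Failed to disable USBSTOR; check permissions.' }
}
```

A local administrator can set the value back, so for a fleet the same control belongs in Group Policy (Computer Configuration > Administrative Templates > System > Removable Storage Access), where it is re-applied centrally; this script suits a single machine or a configuration-management check.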
Bleimeister offered additional examples of security mistakes, including the following:
• HR personnel emailing unencrypted, personally identifiable information to their own personal email service, such as Google’s Gmail, to work on at home;
• Carrying payroll reports on a print-out, floppy disk, or flash drive to a local bank, especially in offices in the developing world;
• "Unsecured, printed-out compensation reports left on a desk;" and
• "Not providing the same policies, procedure training, and oversight of contractors, as we give employees."