The role of HR in mitigating cyber threats

The past two years have driven major changes in priorities for employees, with a demand for flexibility to work from any location, and a desire for overall improved employee experience (EX). However, whilst offering new ways of working is an important step in improving EX and retaining staff, it cannot come at the expense of cybersecurity.

Corporate security threats are on the rise and HR teams need to make cybersecurity practices and the deployment process of technologies easy enough that both technical and non-technical people can implement it to stay secure. Successfully navigating around this Bermuda Triangle of cyber threats will sustainably protect employees and company data against these increasing threats.

Our working world has become much more flexible in recent years with more than 40 per cent of the Australian workforce regularly working from home. However, with this flexibility comes a lack of visibility across devices and the employees that use them. In the hybrid environment, 36 per cent of workers now use personal devices to access corporate data and a greater 49 per cent connect IoT devices to their home networks.

Such an array of unmanaged systems has made EX an unnecessarily complex and time-consuming experience.

This has left both businesses and individuals exposed to unnecessary risks – the latest DBIR report showed that 82 per cent of breaches still involve human error.

Any given employee base consists of a range of digital capabilities and if digital assets are not user friendly, these individuals will take shortcuts to gain access to information. The repercussions of these shortcuts are most commonly felt when employees exit a business as HR teams are unable to identify and manage data across a blend of personal and corporate systems.

The risk of insider threats has increased considerably since the dawn of hybrid work with insider-led security incidents occurring 44 per cent more frequently in 2022 than in 2020. In a work-from-anywhere world combined with changing labour market dynamics, HR must create easy access to corporate resources while minimising the risks of cyber attacks.

Here are five steps that companies can take to move towards a secure future out of the Bermuda Triangle of cyber threats:

1. Create a culture of cybersecurity

The topic of security must be firmly anchored in the corporate culture. If all employees are aware of the dangers posed by criminal hackers and the steps and tools available to combat them, the risk of an attack is reduced. This ensures that each individual behaves prudently and does not cause security breaches out of carelessness.

2. Strengthen passwords

One of the most effective steps for more cybersecurity is strong password management. Passwords are still one of the biggest security gaps in companies.

The remedy is a business password manager. Here, instead of various passwords, the user only has to remember one strong master password. With this, they can access their safe, in which all passwords are managed, and employees can assign randomly generated, secure passwords for each of their accounts without losing track of them.

3. Employ single sign-on and multi-factor authentication

Single sign-on (SSO) reduces the number of passwords employees need to create, remember and manage. SSO technology securely connects employees to the business applications they have been assigned, without the need to enter an extra password. Combined with a password manager, this allows companies to achieve complete control over passwords and user access.

With multi-factor authentication (MFA), users must verify themselves via a one-time code or biometric data such as a fingerprint in addition to the password. Only after entering the second factor is the login process initiated.

4. Create a secure VPN

With a VPN, companies can secure their corporate network. The use of MFA offers the possibility to secure the VPN as well: unauthorised persons do not gain access to the network.

5. Know that security is an ongoing process

Hackers will always find new ways to circumvent security measures. Therefore, it is essential to continuously develop protection. Cybersecurity should not be understood as a static state, but as an ongoing process. Only then can companies stay one step ahead of hackers.

The user is usually the gateway for security attacks, yet it is not the users who are the problem. Rather, the HR teams must support their employees on the topic of cyber security. In order for the corresponding measures to meet with approval, they should be easy to integrate into everyday work. In addition, the tools used should maintain EX from any location and from their own devices.

Lloyd Evans is the identity lead of LastPass JAPAC

Note from the editor: please note that this article has been prepared for informational purposes only, and is not to be construed as advice.