Future Friday: What role does HR play in Cybersecurity?

Handling cybersecurity requires a team effort.

When I talk to my certification students about HR’s role in dealing with technology in the workplace, I ask them to tell me how HR is involved with IT. I often get puzzled looks and some amorphous comments about enforcing policy. HR is the group that deals with the fallout of people violating policy. HR is also the group that initially communicates the IT policy, either through onboarding or through the employee handbook. However, Kurt Roemer, the Chief Security Strategist for Citrix, feels that cybersecurity should be an issue for all of the organization, not just IT, so in his scenario HR would play a bigger role.

The future of work has to include security

Writing in the Citrix blog, Roemer says that in today’s world everyone needs to be concerned about cybersecurity. He says that security is a big part of the employee experience. How people work, where people work, and how they access work in a world of mobile, telecommuting, or working in Starbucks is an issue that should be on everyone’s radar. We have IT that makes the rules and provides the access to company technology. We have HR that communicates those rules and deals with the fallout of violations of those rules.

Five steps

Roemer laid out five steps in his blog for improving cybersecurity today and in the future. These are steps that should also be applied to, and by, the HR department.

Rule #1- Educate users

That sounds pretty simple and Roemer acknowledges that. However, I can vouch for the fact that many HR people do not themselves understand cybersecurity issues. He says “As people gain the freedom to work anywhere, on any device, knowing how to do so safely must be a top priority.” Roemer goes on to give a point that is a key issue for HR. “In the employee-centric modern workplace, it’s also important to consider how this education takes place. It’s not enough simply to recite lists of rules and protocols. Instead, engage in a true dialogue—take the time to understand users’ needs and practices, and then explain your security policies in ways that are accessible and relevant to their daily experience.” This is the point where IT and HR should collaborate.

Rule #2- Engage with lines of business

The statement here is that IT and HR need to know how the business of the organization occurs. Quite often both groups may operate in a silo and construct and implement rules that don’t fit with the goals of the business.

Rule #3- Modernize and mobilize your security policies

In this world of BYOD (bring your own device) ways of working, both IT and HR can struggle to implement and control when and where work is getting done. For cybersecurity, working at a Starbucks may not be the best method to use. For HR, working from Starbucks at night may cause an issue if the employee is a nonexempt worker now building overtime.

Rule #4- Enforce policies fairly and consistently

Well, that has been a bugaboo for HR for decades. Obviously, it applies to IT in security situations as well.

Rule #5- Make it seamless—and automatic

Roemer makes a number of suggestions to improve security, including having a lot of automated processes that take away the opportunities for people to make mistakes. With the increasing use of AI (Artificial Intelligence), HR can and should also rely on technology to make many of the steps of HR more seamless and more automatic.

As businesses advance, there will be many HR and IT issues that will need to be addressed. HR needs to work with IT to ensure that the future of the workplace does not result in a collision of people processes and security issues.
