A new survey shows that cybersecurity training for HR teams is a low priority for many companies. Are you doing all you can?
A member of your HR team has some employee files open on the computer and gets called away for a second. Would clearing the screen and protecting this data be a top priority? According to a new survey, it might not be. Nearly half (41%) of employers say they don’t train all their HR personnel to protect employee data, and only 19% revise their policy each quarter. The implications are alarming, but there is much you can do now to address this urgent issue.
Among the highlights of this survey:
- More than a third of employers say they are operating without a formal policy to protect employees’ data.
- Of those employers who have a formal policy, 44% said that employee noncompliance is their greatest challenge.
- About one-fifth say they don’t have time to draft a formal, written policy.
Protecting information should be a top priority for organizations, especially as employees are using more platforms to communicate. For instance, a survey early this year showed that more than half of workers use messaging apps such as Facebook Messenger, WhatsApp, and Skype up to six times a day for work-related activities. Nearly a fifth (16%) say their HR departments don’t know about these activities. At the same time, 68% of respondents say they’d stop using these apps if their employer provided its own internal communications platform. Only 12% worry that sensitive data could be left exposed to data breaches.
Because over half of cyberbreaches are thought to be caused by employee negligence or malfeasance, it’s essential to make sure your HR team has cybersecurity training. Training is not one-size-fits-all, and you should consider how each person’s role creates security risks, but some training elements are common to everyone:
- Email usage, including recognizing a possible phishing email.
- Unauthorized software. Everyone should understand that they must not download software from unknown sources.
- Internet usage. As more hackers are using internet links to lure victims, train employees not to click on unfamiliar links from suspect or unknown sources.
- Passwords. Train workers to use strong passwords, change them regularly, and keep this information secure and private.
- Social engineering. Train workers to avoid falling prey to those attempting to manipulate them into sharing confidential information, especially via email or social media platforms.
- Personal devices. Work with employees to protect their personal and work devices. Have policies about the use of personal devices for business purposes.
- Social media interactions. Have in place and communicate strong, specific policies about social media use by employees.
- Follow-up. Technology changes rapidly, and hackers are coming up with new ways to steal information all the time. Stay on top of cyberthreats and new technology to support prevention.