24 May Yes, Cyber Security Should Matter to HR Personnel too!

If the recent “The New Paper” article is anything to learn from, it is that Cyber Security is more than just having the right software. In fact, great Cyber Security protection comes from having the appropriate technology, regular internal audits, and employees with clean Cyber Security habits.

The misconception that Cyber Security only matters to those within the IT department has to be quelled. Managing Cyber Security issues should be a company-wide priority. Recently, a number of Singapore-based institutions suffered a range of attacks.

Here is a timeline of some of the most popular Cyber Security breaches in Singapore:

• September 2014: A hacker organization called “The Knowns” leaked the personal details of thousands of karaoke users. Personal details such as the mobile numbers, identification numbers, and addresses of karaoke users were made available for public download. The motive behind this cyber attack was to show the hacker organization’s displeasure over the increase in toll charges at Woodlands checkpoint.

• February 2017: Cyber hackers spare no one – from medium-sized companies to large government organizations. In 2017, the personal records of 850 national servicemen were leaked. Details including their identity card numbers, telephone numbers, and birth dates.

• June 2018: Close to 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics between May 2015 and July 2018, had their personal particulars illegally accessed and copied. Additionally, around 160,000 of these patients had their outpatient prescriptions stolen.

• January 2019: The confidential information of more than 14,000 individuals diagnosed with Human Immunodeficiency Virus (HIV) was illegally disclosed online by an American conman. The records leaked include the names, identification numbers, and contact details of those inflicted with the disease.

Cyber hackers spare no one. In Singapore, institutions ranging from SMEs to large government organizations have been plagued by cyber breaches. Potential cyber breaches can be avoided when employees are educated – which is why the role of the HR department is important in cyber security.

Below, we delve deeper into the reasons why cyber security matters to the HR department:

1. To Identify Employees with Bad Security Habits  

Employees with terrible security habits are the biggest threat. They often lead to data breaches. Besides tarnishing the company’s reputation, data breaches are very costly too. A study by Ponemon claims that the average direct cost of a data breach is $3.2 million.  An attack of this scale would result in the loss of trust between both your company and clients and consumers after a data breach occurred.

One way hackers can access employees with terrible security habits is by trawling through social media. This is where the HR department should come in. The job of the HR department should be to identify people within the organization that presents the most threats. Of course, this isn’t an easy challenge – but the department can team up with the IT department to identify methods of identifying the company’s biggest threat.

2.  Help Educate New Employees

The human resources department is very valuable. Long gone are the days where the HR department only focuses on the hiring and firing of employees. Today, companies often rely on the human resources department for a range of services including employee management, new employee onboarding, as well as training and development.

Simple security tips such as good password protection, firewall tips, avoid targeted phishing scams should be relayed to new employees. Emails and unsolicited downloads can contain malware viruses.

The HR department plays a crucial role in educating employees with the right cybersecurity attitude.

3.  To Investigate Potential Cyber Attacks  

According to a threat report by IBM, 60% of cyber attacks come from either malicious intent or unintentional negligence, from an insider. This means that the employees were either directly involved in the release of private and personal information. Additionally, if the information was leaked on purpose, the employee could have covered their tracks or used a personal id instead of a work id.

In this case, it is HR’s duty to ensure that:

• Educate employees regarding the implications for not adhering to security measures set in place.
• Investigate triggers and potential employees that could result in a security breach by employees. Was there a recent demotion that took place? Or was there a recent termination that could’ve brought up ill will towards the company?
  

4. Recruit Cyber Security Employees

In order to hire the right people for the job, you’ll need to understand what is needed from the job. The HR department would have to understand the cyber security requirements that the organization needs.

Additionally, it is important for them to understand the different types of jobs available within the industry and the various roles they play within the company. Examples of roles include Security Analyst, Chief Information Security Officer (CISO), and Information Risk Auditors to name a few.

Only by understanding the various roles these positions play within the company will the HR department be able to create accurate job descriptions needed to hire the right employee.

5. Identify Crucial Skills the Organization Needs

Most importantly, the HR department needs to be aware of the skills and new technology needed to equip the IT department at its fullest capacity. Before dismissing this thought, ask yourself this. Can you identify the different certifications that a candidate applying for the role of a Security Analyst should have? If so, did they receive their certificate from an accredited institution? These are just a small percentage of the questions HR employees would have to ponder over. 

Additionally, the HR department would have to conduct regular evaluations to determine if the existing cybersecurity staff needs to attend any re-skilling or upskilling programs.

Learn more about the basic degree and certification that Cyber Security employees in Singapore should have with this useful article.

Cyber Security – A New Area of Focus for HR

Cyber Security is one of the many worries that every HR department should focus on. Consider outsourcing all your Cyber Security worries for your department’s peace of mind. Contact Victor at ([email protected]) for more information on how outsourcing and recruiting temporary cyber security talents is a great option to consider when it comes to protecting your company, its resources, and reputation online.

Stay informed, follow A Very Normal Company on Linkedin for more news and updates on Cyber Security outsourcing and recruitment in Singapore.