Cybersecurity is also an HR responsibility


Cybercrime is a constant source of fear and frustration in the modern business world. The number of attacks is increasing as the tactics used by cybercriminals become more sophisticated. And the potential damage to businesses is also growing, with the global average cost of a data breach rising to $4.35 million in 2022, according to IBM.

Various factors are driving the rise in cybercrime, but recent research has linked the growing risk of cyberattacks to the shift towards remote working in recent years, as the typical remote workspace is insufficiently protected, creating cybersecurity vulnerabilities. Additionally, as remote workers rely on digital communication tools to perform their jobs, they are more vulnerable to phishing and social engineering attacks. The study also claims that because remote workers are not physically together in the office, they may find it harder to communicate with colleagues and verify information or requests made in phishing emails.

Given this potentially increased risk, should companies stop working remotely? This would incur its own costs, as remote working has been shown to lead to increased productivity and staff retention. Our survey of 1,004 HR and business decision makers and workers across the globe found that 69% of employers with a remotely dispersed workforce said employee retention has increased since their company adopted this practice. Meanwhile, 72% of companies with a global remote workforce said productivity had increased since adopting a distributed model.

So what should companies do to improve their cyber defenses without sacrificing the benefits of remote working? Organizations might think that their cybersecurity is only IT’s job, but that’s not the case. In fact, focusing too much on technology will ignore the most important element of cybersecurity: your people.

According to another IBM study, 95% of cybersecurity breaches are the result of human error. So, while the people within an organization are the weakest link, it is also the responsibility of HR to improve cybersecurity and help implement the practices necessary to protect valuable data. HR has an invaluable role to play in preventing data breaches, and HR leaders need to step up their efforts and help protect their organization against cyber risks.

But what steps should HR take to address this issue? The first thing to do is to develop a culture of cybersecurity in the company through partnerships between HR managers, internal IT teams and data protection specialists. Cooperation between departments is essential.

One way HR can actively help is by partnering with IT to establish more granular levels of access based on organizational structure, including employee level and department. In doing so, HR can help control and regulate access to specific types of information and actions. This collaborative effort between HR and IT aims to protect sensitive data by granting access privileges only to those who actually need them to fulfill their job responsibilities. The principle of least privilege serves as a guiding principle, emphasizing that the intent is not to exclude individuals or withhold knowledge from employees, but rather to recognize that employees in different departments, such as marketing, finance or accounting, do not need unlimited access to everyone’s data. This principle should help limit the potential damage from a data breach caused by a single employee.

Then, HR can use recruitment, onboarding, and ongoing training as opportunities to ensure staff are aware of their cybersecurity responsibilities across the organization.

For example, recruiting is an opportunity to probe candidates for potential red flags, as employee misconduct is a common cause of data breaches. It is essential to perform background checks on candidates to verify the accuracy of their employment and educational history, as well as to detect any history of criminal activity or policy violations.

HR departments themselves should also be careful during the recruiting period not to fall for a ransomware or phishing attack disguised as a resume or cover letter. And if they must conduct virtual interviews with candidates, HR teams should ensure they have appropriate network security measures in place and confirm that any recruiting software used is installed with the latest security updates.

Similarly, the onboarding phase is a crucial time for HR to help protect sensitive information. HR should keep a record of all equipment received by a new employee and ensure that it is returned if and when the employee leaves the company, so that no sensitive data leaves with it. New hires should also be made aware of important security precautions, such as how to spot phishing emails and create strong, unique passwords.

Again, HR should also be careful during the onboarding phase, as they will receive a large amount of personally identifiable information from the new employee, usually via email or fax. HR departments must ensure that these communications are encrypted before personal data is collected and stored.

Finally, training is an important opportunity to invest in ongoing cybersecurity education so your team can establish and maintain best practices. Employees need to be regularly reminded of the dangers of weak passwords and phishing emails. This training is also an opportunity to educate staff on the latest hacking methods used by cybercriminals and ways to stay safe while working remotely. For example, public Wi-Fi can pose a major risk, and while remote workers may benefit from the flexibility of working from a coffee shop or public space, they are safer using their smartphone as a hotspot rather than connecting to an unknown network.

At Remote, all staff are required to complete training within their first 30 days of employment and annually thereafter to ensure they understand security policies, procedures and best practices. Investing in your workforce through training helps build trust among your employees, who are your first line of defense against a cybersecurity breach.

Businesses should not tackle this task alone; they can work with trusted partners who can help them protect their data while continuing to employ an internationally dispersed workforce. Employer of Record (EOR) service providers can help organizations build secure global teams, while ensuring that employers comply with local and international data protection laws in the markets in which they operate. This allows businesses to focus on running and growing their business.

There are other benefits to working with companies like Remote, who fully own their end-to-end operations, rather than relying on third-party entities. This approach is particularly beneficial as it allows them to have full control over the data and mitigates the risk of uncertain data handling practices. Remote has sought ISO27001 certification as well as SOC2 Type II, the most widely known and internationally recognized standard for information security management systems, to demonstrate our commitment to information security and provide a secure platform for our customers. Because EORs process sensitive employee data, including personal information, financial records, and legal documents, these certifications provide standardized, independent confirmation, so employers can be confident that rigorous security measures are protecting their employees’ information.

Embedding cybersecurity into corporate culture should be an effort undertaken by the entire organization, not just the IT team. The HR department has a key role to play in building a strong and secure foundation for a company to grow its globally distributed workforce.

By Marcelo Lebre, COO and co-founder of Remote.

