HR cybersecurity

Some of you may know that my role as a Cyber Psychologist with a background in Organisational Psychology is to bridge the gap between employees and security teams, and also to engage Human Resources (HR) wherever possible. The fact is that, especially in larger businesses, HR often has access to important employee data from which security teams can benefit. Examples of such data include the output of the HR Annual Survey, which will most likely include metrics such as ‘intention to leave’ or ‘satisfaction’, as well as offering employees the chance to give feedback on their managers, roles and responsibilities, and the organisation as a whole. This is all critical data which can translate directly into positive (or negative) security behaviours (and attitudes). Practically speaking, the sooner security teams are aware of an individual’s intention to leave the company, or of a department’s mass intention to leave, the more likely they are to be able to put in place security controls or solutions to protect their organisations from security threats such as data breaches. This is especially important in times of major transformation or organisational change, such as mergers and acquisitions.

In very large organisations, HR and Security are poles apart, both in physical location and in people and process, so it is not always possible to access that data, or to join forces in creating initiatives that hit the spot they need to. Even these larger organisations with mature security teams, which may even include an awareness manager, will fail to understand the importance of accessing or obtaining critical data within their organisation, right from the recruitment and selection stage. The security team’s role is to attend to security processes and solutions to mitigate risk, with the awareness manager often focusing on the content of awareness materials, whereas HR is the division of a business responsible for finding, recruiting, screening, and training job applicants. Many don’t understand why this relationship between HR and security is so critical, even though logic says that screening for security values or being aware of possible insider threats is critical to managing security risk. In addition, HR departments are often responsible for running employee awards and incentives to motivate employees to be productive and good role models, but miss a trick in supporting security teams to identify the qualities which make a first-class security champion or ambassador.

I was interested to see what ChatGPT would think about the relationship between HR and security, and here is what it said…


The relationship between Human Resources (HR) and cybersecurity within an organization is crucial for maintaining a safe and productive work environment. Here are some key aspects of their relationship:

1. **Employee Screening and Background Checks**: HR often works closely with the security department to conduct background checks and screenings for new hires. This ensures that individuals with questionable backgrounds or credentials are not brought into the organization, helping to mitigate potential security risks. These don’t need to be arduous and involve many hours of interviews and can involve some simple psychometrics that can screen for security values, motivation, commitment and insider threat.

2. **Policy Development and Enforcement**: HR and security collaborate to develop and enforce company policies related to security, such as access control, data protection, and workplace safety protocols. HR communicates these policies to employees and ensures compliance, while security provides expertise in assessing risks and implementing necessary measures.

3. **Training and Education**: HR and security teams may collaborate to provide training sessions and educational materials to employees on topics such as cybersecurity awareness, emergency procedures, and workplace safety protocols. This helps to enhance employees’ understanding of security-related issues and their role in maintaining a secure work environment.

4. **Incident Response and Investigation**: In the event of security incidents or breaches, HR and security often work together to respond promptly and effectively. HR may be involved in managing the aftermath of incidents from an employee relations perspective, while security handles the technical aspects of investigation and remediation.

5. **Access Control and Identity Management**: HR plays a key role in managing employee access to physical facilities, systems, and sensitive information. This involves coordinating with the security department to ensure that access privileges are granted appropriately and revoked when necessary, such as during employee terminations or role changes.

6. **Employee Assistance Programs (EAPs)**: HR and security may collaborate on the implementation of employee assistance programs aimed at addressing issues such as workplace violence prevention, conflict resolution, and stress management. These programs contribute to fostering a supportive and secure work environment.

Overall, the relationship between HR and security is characterized by collaboration and mutual support, with both departments working together to safeguard the organization’s assets, employees, and reputation.

Ultimately, if you can’t access the data you need to build initiatives that surround the employee with the tools and information they need, as well as provide you with the intelligence you need, then find someone who can.

#hr #cybersecurity #cyberpsychology #psycometrics #projectathena #psycSec
