Cyber Threats Front and Center for Employers as Trump Administration Takes Office
One need only look as far as today’s headlines—where the presidential inauguration and hacking are receiving equal billing—to understand that the threats from technology are escalating. The Democratic National Committee now joins a long list of companies in various industries that have been victims of hacking, including financial services and health care, among many. The risks to proprietary and confidential information, affecting hundreds of millions of people, and the resulting public fallout escalate each year. The dramatic end to the 2016 election year foretells an even further increase in hacking events targeting companies and institutions of all sizes in 2017. To protect employees and assets, companies must become even more vigilant. It is critically important, therefore, that HR and IT become “best friends forever” in 2017 and work together to train employees and take other collective steps to protect against the loss of data from cyber threats.
Most HR departments are currently in various stages of identifying and scheduling their 2017 compliance training schedule. Equally important to addressing challenges and potential changes in labor and employment laws and regulations at the Equal Employment Opportunity Commission, DOL, and NLRB is preparing your workforce to protect employee and customer data and important organizational data from cyber threats. HR departments already offer training on, for example, the proper use of company technology and codes of conduct, and specific training in cyber threats is a natural addition. Indeed, the proper use of the company’s email system can include training on guarding against spearfishing and other social engineering attacks—one of the highest vulnerabilities. In addition, HR’s mission is to know its workforce and personnel, so it is best equipped to take complex concepts and break them down to digestible nuggets of information, disseminate the information across the workforce, track the training, and provide follow up. Trained in the science of people, HR can help IT identify and avoid “real world” ways that employees may utilize “work arounds” to avoid IT’s well-intentioned security and policy protocols (e.g., logging in as a coworker, text messaging for work-related purposes instead of using a Virtual Private Network (“VPN”) to get to secure email or documents, and noting their passwords on post-it notes). HR is well equipped to impress upon employees that they are the best defense to protect the company and their colleagues from harm. On the other hand, failure to follow proper procedures may result in HR disciplinary action. These capabilities, when added to IT’s understanding of the organization’s systems and likely vulnerabilities, make HR and IT the perfect match for 2017.