Cybersecurity Month: Updating the Human Firewall and Demystifying Cybersecurity

As we close out on Cybersecurity Month in an era where virtually every aspect of our lives is digitized, it is vital that we all recognize that cybersecurity is no longer just a technology-centric problem—it’s a human-centric one. The human element and organizational culture are critical factors in any successful cybersecurity program. Human Resources (HR) leaders are playing an increasingly vital role in addressing security gaps and enabling organizations to benefit from improved cybersecurity.

Understanding the Cybersecurity Problem

Cybersecurity can often seem opaque and intimidating. Before solving a problem, it’s crucial to diagnose it accurately. Many organizations and individuals have existed in a state of naivete, believing they are safe from cyber threats. Cybersecurity is not just about technology; it’s about managing risks. Whether it’s a nuclear power plant, an aircraft carrier, or even managing payroll, every aspect of business today is contingent on technology and susceptible to adverse cyber events. Therefore, understanding cybersecurity as a risk management issue is essential.

The Role of HR in Cybersecurity

HR professionals play a critical role in cybersecurity. They help protect the organization by implementing critical success factors, thought leadership, and practical tools. HR can influence corporate culture to embrace cybersecurity as a fundamental aspect of business operations. Ensuring your organization has policies, procedures, and an architecture that creates accountability for cybersecurity is crucial. HR should champion cybersecurity, establishing governance and a voice at the table. The whole company should be considered part of the security team, with HR leading the charge. Building a positive mindset around cybersecurity, celebrating near misses, and encouraging cyber resilience are also essential. This involves embracing awareness and accountability in the culture of the organization.

Cybersecurity as a Culture Issue

Cybersecurity is fundamentally a culture and behavior issue. High Reliability Organization (HRO) principles, such as deference to expertise, sensitivity to operations, and resilience, can help create a culture that minimizes errors and enhances security. These principles, initially adopted by industries like nuclear power and aviation, are now being embraced by healthcare and others and should be considered by all organizations.

The Human Element in Cybersecurity

Cybersecurity is a human problem that begins and ends with behavior and culture. Organizations should focus on creating a culture of zero harm, quality outcomes, and high trustworthiness. This involves establishing accountability, governance, and a voice at the table for cybersecurity.

Practical Steps for HR Professionals

1. Establish Accountability and Oversight: Ensure your organization has policies, procedures, and an architecture that creates accountability for cybersecurity.
2. Advocate for Cybersecurity: HR should champion cybersecurity, establishing governance and a voice at the table.
3. Create a Culture of Awareness: Build a positive mindset around cybersecurity, celebrating near misses and encouraging psychological safety.
4. Onboarding and Offboarding: Implement secure practices for onboarding and offboarding employees to prevent unauthorized access.
5. Security Training and Awareness: Make security training mandatory for new hires and renew it annually. Conduct phishing simulations to test and improve employee awareness.
6. Include Third-Party Contractors: Ensure that contractors and consultants are included in your cybersecurity training and policies.
7. Role-Based Access Control: Ensure that job roles match access levels to help minimize the risk of insider threats.

The Future of Cybersecurity

The rise of artificial intelligence and deepfake technology presents new challenges for cybersecurity. Organizations must remain vigilant and proactive to protect themselves from both external and internal threats by fostering a culture that prioritizes security and resilience. HR professionals must be educated on cybersecurity and play an active role in protecting their organizations. Insider threats, whether intentional or unintentional, are a significant issue. HR leaders must be conversant in cybersecurity and should partner with security teams to find creative ways to recruit and retain talent, including looking globally. This involves understanding the challenges, terminology, and being part of the solution.

Cybersecurity is a growing problem that requires a human-centric approach. HR professionals are crucial in defending and protecting organizations. By adopting a culture of high reliability and focusing on behavior and accountability, organizations can navigate the challenges of the digital age and better their position to achieve successful outcomes.