It’s time for HR professionals to ramp up cyber awareness

The last 18 months or so have been challenging for a multitude of sectors. The pandemic has seen remote work shift from being marginalised, through normalised and now popularised. In fact, it is now acknowledged as an effective strategy for empowering an organisations’ HR departments.

For many of these departments, hybrid strategies are considered as a long-term solution to ride the headwinds of future disruption. This comes as almost half (46%) of business-critical HR functions moved to the cloud over the pandemic following work-from-home mandates, according to a new study conducted by Forrester Consulting on behalf of Tenable.

HR and the cyber threat:

HR being deliberately targeted in cyber security attacks

Keeping HR safe from cyber attacks

HRD's pocket guide to... cyber security

Migration to cloud-based tools, video conferencing applications and other IT services have kept many businesses operational. However, the result has atomised the attack surface, exposing the organisation to increased risk and offering threat actors even more entry points.

In addition, legacy systems that were rendered obsolete during the pandemic, coupled with short-term ‘Band-Aid’ security solutions, make the task more challenging.

However, by promoting better cyber hygiene, safeguarding an organisation doesn’t necessarily have to be daunting and instead viewed as a shared responsibility that helps create a safer future.

Here are five steps organisations can follow to become cyber smart:

  • Plan first: Before embarking on tackling challenges, a security team must create a clearly defined data management strategy that meets the needs of HR professionals and the organisation. Not only can it save time, but it also reduces risk by limiting third-party access to identify security gaps and review what’s needed.
  • Manage vulnerabilities: Despite cyberattacks increasing, the primary attack path that threat actors continue to capitalise on are vulnerabilities where patches are available but have yet to be applied. Organisations need to prioritise patching flaws, particularly those that are being actively exploited by threat actors. It is critical security teams support remote workers who could be at risk by pushing updates or informing staff of the action needed to remediate the risks. 
  • Enhance visibility: In addition to managing vulnerabilities, 71% of security leaders say they lack high or complete visibility into remote employee home networks*. That means that once a device connects to a network, it can become part of the enterprise attack service that leaves security teams picking up the pieces. To combat this, consider installing local vulnerability detection agents to provide off-network visibility and add IT systems management.
  • Stay updated: With research showing a staggering 36% of employees working from home delay applying security updates to devices*, any security team must keep applications, critical data, cloud-based assets and networking infrastructure updated. This can be as simple as ensuring the organisation is fully configured with end-point protection and detection.
  • Communicate: Security leaders will naturally bear the responsibility of ensuring the organisation is safe, but as HR professionals, there’s the possibility of putting these practices into action more effectively. Consider working in tandem to educate, implement and explain the reasons why measures should be embraced.

Preventative measures

As important as it is to implement IT solutions rapidly, it’s equally important to adopt long-term security strategies to reduce the number of scofflaws in an organisation.

Vulnerabilities are being increasingly found in VPNs, unpatched mail servers and web browsers making it incredibly important to lay the collective foundations across the organisation from the top down. The alternative is that attackers may target corporate servers, devices, or sensitive data that could lead to costly repercussions and put the wider organisation at significant risk.

There is, however, a silver lining to identifying weak points. If cybersecurity is embedded in HR departments and across the organisation, preventative measures can be implemented to avoid a rising attack surface that will, in turn, limit threats in corporate environments.

By David Cummins, VP of EMEA at Tenable

* The data is drawn from ‘Beyond Boundaries: The Future of Cybersecurity in the New World of Work,’ a commissioned study of more than 1,300 security leaders, business executives and remote employees, including 168 respondents in the UK, conducted by Forrester Consulting on behalf of Tenable.