The Emerging Impact of Human Resources on the 3 Pillars of Network Security

In today’s ever-evolving business world, network and data security are no longer just the responsibility of IT. Every employee – within every department – plays a pivotal role in protecting the company from malware, malicious attacks, and data breaches. HR departments are trying to keep up with new policies and procedures as employees become more specialized and spend more time working away from the office. Sixty percent of small businesses are hacked every year, so human resources departments are becoming more involved in managing network security for organizations of all sizes. What are the three pillars of network security? Let’s take a closer look while we explore the ways in which HR departments can impact them.

 

Detecting vulnerabilities

The first step in keeping a network secure is determining where it’s vulnerable. It’s impossible to know where your vulnerabilities are without first understanding how hackers often break into systems. The most common types of hacking use methods like the “bait-and-switch,” “clickjacking,” “phishing” and setting up fake wireless access points (WAPs), among others. The key point to remember is that hackers often trick people to gain access to a system. MalwareFox put together an easily digestible list of hacking techniques, which you can read here.

HR professionals need to train employees to be on the lookout for any suspicious activity. Employees need to know how to create secure passwords, why it is important to update them every year, and why they should not share their login information with anyone, including fellow co-workers. Any employee who leaves the organization with another employee’s login information is a potential security breach waiting to happen. Employees need to be shown examples of phishing and baiting attempts in order to be able to recognize them. More importantly, every employee should know the exact protocol to follow should they need to report any suspicious activity.

Detecting vulnerabilities in a network is the first step to increasing security. HR professionals need to make sure all employees are educated, as people are often the most vulnerable elements in a business’s network security system.

 

Managing patching

Once a network’s vulnerabilities have been established, software engineers need to make sure they plug any holes in the system’s software that could allow hackers to get in. This is known as “patching.” There are some truly terrifying statistics around patching and security breaches. Mark Hurd, CEO of Oracle, has stated that close to 85 percent of all security breaches occurred on networks where a patch was available for at least nine months prior to the breach. It’s no wonder he’s so adamant about shifting businesses toward the cloud.

The problem with patching in the traditional way is simple: It relies on humans. Finding the problems, writing the code and implementing the solutions takes a lot of time. However, hackers don’t wait for your system to be ready. HR departments have some big decisions to make with regard to executive leadership and IT teams.

The main decision that HR departments face pertains to company structure. Should the organization move to a cloud-based system or stay local? Staying local with an on-premises company network provides more control over your data but requires on-site IT managers and software engineers to keep the network safe and running 24/7. A cloud-based system offloads the need for maintenance and reduces or eliminates the need to employ IT professionals. These third-party services now deploy AI-based “auto-patching” security measures in which the system itself can detect where it’s vulnerable and immediately deploy a fix once it’s available. They don’t have to rely on humans to detect or launch the patches.

 

Monitoring Activity

This is a real gray area for HR teams. A key to keeping any network safe is to know the activity happening on that network. But how far does your company want to take that monitoring when it comes to your employees? Some companies have very strict policies that track all web activity and block most websites that are not work-specific. Other companies are looser and trust their employees to be safe and use their time appropriately while at work. This is a difficult but important conversation for HR departments to have with employees and executives alike. If the culture goes too far in either direction, organizations can see a drop in morale or production.

HR’s job is to establish clear network-monitoring guidelines and communicate those guidelines to all employees. All good network monitoring policies should include:

  • Which computers or other devices will be monitored and when
  • What kinds of information will be collected
  • Who will have access to that data
  • What kinds of things will cause an alert to be triggered
  • Who is notified when an alert goes off
  • What will happen to an employee who violates online policies

There are plenty of other guidelines and regulations that may need to be included based on industry and company structure, but this is the core of all good monitoring policies. It comes down to the kind of company you want for your employees and the amount of risk key stakeholders are willing to take.

For non-technical professionals, network security can often seem like someone else’s responsibility. However, when you understand your weaknesses, figure out how to fix those weaknesses and outline how to monitor the system, it becomes obvious that it’s actually everyone’s job to keep a company’s network secure. Hopefully the information above has made it clear that HR also plays a large part in keeping the company safe. Let us know in the comments below if there is anything we missed.