How defined is your role? And how often do you find yourself going above and beyond your initial “job description”? How often has your role changed altogether?
It goes without saying that every person in a corporate ecosystem juggles multiple roles and responsibilities and wears a hat with multiple titles.
Sounds efficient, right?
The efficiency of this process is limited to the task itself; beyond the task, every security aspect gets muddled because of it, which doesn’t exactly qualify as efficient.
The need for collaboration
With constant changes in people’s roles, IT ends up playing catch-up in order to provide them with the right access to the applications or other resources they need. Failing to provide this access in a timely and secure manner falls under the umbrella of IT inefficiency, and eventually on HR, who may not have defined the changes from an organizational perspective, or the changes may not have been conveyed.
This mismatch in communication, or lack of defined roles (including the roles of HR and IT), is why HR collaboration with IT security is so imperative. While it sounds like a simple matter of keeping records, HR plays a greater role in ensuring the safety of an organization, a role that is often underestimated by the rest of the organization because it is not exclusively defined in HR’s role.
This gap in communication exists because anything related to security is usually considered to be IT’s responsibility. But the ‘human’ aspect of security is often forgotten, and by default, it must involve HR.
HR technology trends asserting the need for better security
Today, HR teams are expected to go beyond their traditional responsibilities, and terms such as HR 2.0 are not unheard of, supported by rapid innovations in HR software that provide efficiency and intelligence. These are software tools that help HR maintain a record of all new hires and of every change or relieving of roles; in short, the entire employee journey is summarized in the software.
People analytics is also a domain that several organizations are adopting. This article from Deloitte Insights rightly explains how it plays a vast role in handling today’s workforce. It allows for a better hiring experience as the job market gets more competitive by the day, and, with the right emphasis, enables a work culture that celebrates inclusivity and addresses employee engagement and productivity. People analytics gathers professional and personal data of employees in order to make this possible.
While the intention behind collecting this data is to ensure a better workspace, it is also daunting for employees to learn what kind of data, especially personal data, is collected. This concern gives rise to the need for transparency about the data toward employees, and to a big responsibility to keep this data secure.
The liability for managing this data is on HR, which is not merely a person but the institution that holds the organization together.
A domino effect due to lack of collaboration
- Lack of data classification: When the roles and responsibilities of employees are not updated accordingly in HR systems, it becomes increasingly difficult to assign access to the applications they need. This can go two ways: the employee loses productivity when they are unable to obtain access to the applications important to them, or the employee gets too much access, which they may not be entitled to have. The latter causes a bigger problem: the employee can take advantage of the access at their disposal, or imposters can use the excess access to carry out a data breach.
- Lack of employee engagement in security: Driving the mindset of employees towards organizational security, training them to be equipped to handle the responsibility and encouraging a culture in that direction falls under the responsibility of HR, as they are the strategic partners of an organization. A recent report stated that 14% of employees in Europe would sell their work login credentials for just £200. This surely doesn’t signify employee loyalty, and these are statistics that must be taken seriously.
So, what will IT do?
The IT department is surely the driver for security. Setting stringent governance policies, staying audit-ready, providing the right access to the right employee: all of these are surely its responsibility. Newer approaches like zero trust policy provide the direction for modern IT solutions. Yet the primary source of employee information is HR. The IT department must also ensure that it provides a system where HR information can be incorporated with ease and which empowers them with the right information.
Ways to encourage HR and IT collaboration
- It all starts the day you hire an employee, and with how you manage their data from then on. The simplest way to streamline this is to automate the process through an Identity and Access Management (IAM) solution. An IAM solution integrated with your HR software can convey the employee information for you. When you make an initial record of an employee, it is imported into the product, making it easy for IT to stay up to date. When a role changes, the record is updated and imported in the same manner. This change of role in the IAM solution can trigger the required access changes, based on approval by managers, using rule-based role access. Likewise, when the employee leaves the organization, the updates and imports done by HR and IT ensure that all their access is withdrawn, leaving no room for an orphan account that an imposter could take over. HR must verify that the employee does not hold any data that can compromise organizational security when they leave. This ensures proper audit of user rights and privileges. It is as simple as that: no manual assigning of roles. Once the rules are set, with HR and IT following the guidelines, collaboration becomes easier than ever.
- Not just organizational data: employee data must be secure too. With a lot of employee information provided to the organization, combined with people analytics tools that use Artificial Intelligence to extract data, there is a lot of data that can be exposed in a data breach. It is essential that organizations give as much importance to people data as they do to organizational data. Deloitte Insights showed how companies are handling this data.
“64 percent of respondents reported that they are actively managing legal liability related to their organizations’ people data. Six out of ten said that they were concerned about employee perceptions of how their data is being used. However, only a quarter reported that their organizations were managing the impact of these risks on their consumer brand.”
Ensuring transparency in the data being collected, and providing awareness of how this data is protected is essential and must be a top priority for organizations.
- Your employees must be aware of the company’s legal rights, the documents that belong to the company and what is well within their own rights. This education comes from HR, to ensure that employees are aware and that no acts are carried out without awareness.
- Design a training method that encourages employee engagement and appeals to employees. Most security awareness sessions are carried out for the sake of it, which often ends with employees losing interest. The message that cybersecurity is not an IT responsibility, but a holistic philosophy built into the company culture that employees have to embrace, must be conveyed in a manner that sticks. HR can further collaborate with marketing teams to convey the message in a way that appeals to everyone. Training must be provided in best practices for password management, safe interaction with the web and awareness of cyberattacks such as credential stuffing and phishing, which can enable employees to be more careful on an everyday basis.
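The hire, role-change and leaver flow from the first item in this list can be checked by reconciling the HR export against the accounts IT actually holds. The sketch below is an added example, not code from the original article or from any IAM product; the role names, entitlements, records and the `reconcile` function are all constructed for illustration, and the proposed changes would still go through manager approval as described above.

```python
# Added example: HR is the source of truth; the IT directory is reconciled against it.
# All role names, entitlements and records below are constructed for illustration.

ROLE_RULES = {  # rule-based role access: role -> entitlements it grants
    "sales_rep": {"crm", "email"},
    "sales_manager": {"crm", "email", "sales_reports"},
    "payroll_clerk": {"email", "payroll"},
}

HR_RECORDS = [  # export from the HR system (constructed)
    {"emp_id": "E100", "role": "sales_manager", "status": "active"},  # promoted from sales_rep
    {"emp_id": "E101", "role": "sales_rep", "status": "active"},      # moved from payroll
    {"emp_id": "E102", "role": "payroll_clerk", "status": "terminated"},
]

ACCOUNTS = [  # accounts found in the IT directory (constructed)
    {"user": "alice", "emp_id": "E100", "enabled": True, "entitlements": {"crm", "email"}},
    {"user": "bob", "emp_id": "E101", "enabled": True, "entitlements": {"crm", "email", "payroll"}},
    {"user": "carol", "emp_id": "E102", "enabled": True, "entitlements": {"email", "payroll"}},
    {"user": "svc-old", "emp_id": None, "enabled": True, "entitlements": {"crm"}},
    {"user": "dave", "emp_id": "E050", "enabled": False, "entitlements": set()},
]


def reconcile(hr_records, accounts, role_rules):
    """Return (orphans, changes): accounts to disable and per-user access corrections."""
    active = {r["emp_id"]: r["role"] for r in hr_records if r["status"] == "active"}
    orphans, changes = [], {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned
        role = active.get(acct["emp_id"])
        if role is None:
            # No active HR record behind this account: leaver or unowned account.
            orphans.append(acct["user"])
            continue
        # An unknown role grants nothing (fail closed), so all its access is flagged.
        allowed = role_rules.get(role, set())
        grant = sorted(allowed - acct["entitlements"])
        revoke = sorted(acct["entitlements"] - allowed)
        if grant or revoke:
            changes[acct["user"]] = {"grant": grant, "revoke": revoke}
    return orphans, changes


if __name__ == "__main__":
    orphans, changes = reconcile(HR_RECORDS, ACCOUNTS, ROLE_RULES)
    print("disable:", orphans)
    print("changes:", changes)
```

The revoke list is what catches access left over from a previous role, and the orphan list is what catches accounts that outlived their HR record.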
Cybersecurity is a core aspect of an organization that requires collaboration and attention from every department. People and technology are its two important aspects, and thus HR and IT are the pillars of security. It is not a blame game of who is responsible for what, but a unified approach to ensuring security as a culture. It doesn’t take just one of these departments to drive it and see it through; it takes two to tango.