HR’s role in cyber security

2016 was the year cyber risk dawned on many New Zealand businesses, as the importance – and sheer enormity – of cyber security risks made its way into board rooms and senior leadership teams. It is important that plans for cyber security go beyond the IT department and incorporate HR, which can play a vital role in communicating risks and lessons learnt effectively across the organisation.

Generally, the current response is to apply basic risk management strategies to the cyber context with an aim of keeping New Zealand open for business. Most Kiwi businesses are not yet fully aware of the legal consequences of poor cyber risk management. Experience tells us the cyber breach litigation of LinkedIn and Target may soon be a reality for New Zealand firms. Recent commentary from the Privacy Commissioner confirms that the regulatory enforcement horizon will also heat up in the next 12-18 months. The Commissioner has indicated a desire for greater penalty and enforcement powers under the new privacy legislation regime.

In this environment, Megan Richards of MinterEllisonRuddWatts advises that “Kiwi organisations have a unique opportunity to adopt world-class (perhaps even world leading) cyber risk and crisis management processes, before the legal consequences of a large scale cyber breach bites – and to potentially avoid or minimise those consequences across the board.”

What can you do?

Having established, practised and thorough risk and crisis management procedures in place is key. This involves planning for three key areas:
  1. Pre-event – Make sure you understand what the key threats and risks to your systems are and that you have run an audit of your existing IT systems and what risks they pose. All staff should have an awareness of the basic risks.
  2. On suspicion of an event – It is important that all your employees know exactly what to do and who to notify. This can be done through regular communications around individual responsibilities to all your employees or through training, like Safetrac’s online Cyber Security course.
  3. Post-event – Firstly you clearly need to contain the breach, and then go about the task of recovering data. Then it is essential to monitor the environment for a persistent threat. To help keep your systems clean moving forward and as part of on-going learning, document the steps taken. It is here where HR professionals can then communicate the lessons learnt to the business.
If you’d like to learn more about what steps you can take, you’ll find a “cyber security toolkit” to download here