I often get asked by executives of organization what they should do about employees when it comes to cyber strategy. Human resource "cyber strategy" is the process of training and educating employees on how technology can impact the business in a negative way. Keep in mind, poor human resource activity can lead to compromised systems and increased costs for any organization.
What steps can your human resources team take towards an effective cyber strategy:
1) Planning - If cyber is not part of the strategic plan then the organization will struggle to implement any initiatives and the strategy will ultimately fail. Having the entire executive team as part of the planning process is very important when it comes to cyber strategy.
2) Selecting - Deciding a balance between security and functionality can be difficult. Often the more secure a cyber strategy is, the harder it can be for the entire organization to use the system. It is better to restrict access, then grant permission on a case-by-case basis.
3) Orienting - The entire organization needs to understand the cyber strategy and their role in it before a plan is implemented. Similar to orientating an employee for a new role, the on-boarding process for a cyber strategy needs to be clear and communicated effectively. Once performance expectations are understood, it becomes easier for the entire organization to implement the cyber strategy.
4) Training - The long-term success of a cyber strategy depends on the strength of its users. Training should be viewed as an investment, in the same way that major purchasing decisions are made for an organization. The more people that understand and buy-in to the cyber strategy, the more likely the plan is to succeed.
5) Terminating - Unfortunately human resource management requires making difficult decisions. If circumstances present themselves where an employee is not following the cyber strategy, termination may be necessary. Employment standards should be followed to give an individual the proper opportunity to buy-in to the cyber strategy. In the event an improvement plan is not working; an employee should be terminated to prevent the entire cyber strategy from being compromised.
What do you think?
Discovering risk through engaging discussions.