A government-backed e-learning course aims to educate HR staff about the dangers of cyber threats.
Cyber Security for HR Professionals, a free course created by Whitehall and the Chartered Institute of Personnel and Development (CIPD), aims to help HR workers protect their companies' sensitive employee data.
Ed Vaizey, minister for culture and the digital economy, said: “HR professionals handle sensitive personal data so it’s crucial they are able to protect this properly.They are also responsible for recruiting, managing and developing the workforce in most organisations, so are in the perfect position to help colleagues understand cybersecurity.
"The new e-learning module we’re launching with the CIPD will help the HR profession tackle cyber threats and help keep our citizens and businesses safe in cyber space.”
The course also encourages HR personnel to educate their fellow staff about cyber risks, and tell them about preventative measures, and how a culture of care can protect the whole business.
The initiative is part of a wider cooperation between the government, senior HR professionals, IT and cybersecurity professionals and key influencers to promote the importance of cyber security at work.
CIPD, the body for HR and people development, said HR has a “critical role” to play in mitigating the competency and behavioural risks cyber crime presents.
The costs associated with the most severe online breaches now start at £1.46 million for large businesses – up from £600,000 in 2014, according to government figures for 2015. That cost now stands at £310,000 for small businesses – up from £115,000 in 2014.
The CIPD added this underlined a need for stronger engagement between the HR, IT and security communities to focus on “what is increasingly seen as one of the most significant and growing risks organisations of all kinds face”.
In the CIPD’s latest HR Outlook report, only 38 per cent of HR leaders cited cyber security as a top technology issue, compared to 46 per cent of non-HR leaders.
To address this disparity, the CIPD said it has met with a number of communities and organisations, including the government, the Centre for the Protection of National Infrastructure (CPNI), and other groups such as the Security Awareness Special Interest Group (SASIG), to promote greater awareness and understanding.
Peter Cheese, CIPD chief executive, said: “More secure technology, of course, is part of the solution, but organisations need to think much more broadly and consider how they are equipping their employees with the knowledge and understanding they need to help to protect their organisation and its data."
He added: “Understanding behavioural risk may lead to greater use of technology to monitor people and their actions at work, but it’s important that we balance that with the right ethical considerations and trust and empowerment of employees.
"We also need to look at the cultures and systems in place that can lead people to make mistakes that expose organisations to risks, whether this is a long-hours culture or people simply not having the tools to do their jobs properly.”
More information on the CIPD’s Cyber Security for HR Professionals e-learning module can be found here.
