HR’s role in cyber security

One employment lawyer says Kiwi firms have an opportunity to adopt world-class risk management processes.

2016 was a year of cyber risk dawning for many New Zealand businesses, as the importance – and sheer enormity – of cyber security risks made its way into board rooms and senior leadership teams. It is important that plans for cyber security go beyond the IT department and incorporate HR, who can play a vital role in communicating risks and lessons learnt effectively across the organisation.

Generally, the current response is to apply basic risk management strategies to the cyber context with an aim of keeping New Zealand open for business. Most Kiwi businesses are not yet fully aware of the legal consequences of poor cyber risk management. Experience tells us the cyber breach litigation of LinkedIn and Target may soon be a reality for New Zealand firms. Recent commentary from the Privacy Commissioner confirms that the regulatory enforcement horizon will also heat up in the next 12-18 months. The Commissioner has indicated a desire for greater penalty and enforcement powers under the new privacy legislation regime.

In this environment, Megan Richards of MinterEllisonRuddWatts advises that “Kiwi organisations have a unique opportunity to adopt world-class (perhaps even world leading) cyber risk and crisis management processes, before the legal consequences of a large-scale cyber breach bite – and to potentially avoid or minimise those consequences across the board.”

What can you do?

Having established, practised and thorough risk and crisis management procedures in place is key. This involves planning for three key areas:
  1. Pre-event – Make sure you understand what the key threats and risks to your systems are and that you have run an audit of your existing IT systems and what risks they pose. All staff should have an awareness of the basic risks.
  2. On suspicion of an event – It is important that all your employees know exactly what to do and who to notify. This can be done through regular communications around individual responsibilities to all your employees or through training, like Safetrac’s online Cyber Security course.
  3. Post-event – Firstly you clearly need to contain the breach, and then go about the task of recovering data. Then it is essential to monitor the environment for a persistent threat. To help keep your systems clean moving forward and as part of on-going learning, document the steps taken. It is here where HR professionals can then communicate the lessons learnt to the business.

If you’d like to learn more about what steps you can take, you’ll find a “cyber security toolkit” to download here.