HR’s role in cyber security

One employment lawyer says Kiwi firms have an opportunity to adopt world-class risk management processes.

2016 was the year cyber risk dawned on many New Zealand businesses, as the importance – and sheer enormity – of cyber security risks made its way into board rooms and senior leadership teams. It is important that plans for cyber security go beyond the IT department and incorporate HR, who can play a vital role in communicating risks and lessons learnt effectively across the organisation.

Generally, the current response is to apply basic risk management strategies to the cyber context with an aim of keeping New Zealand open for business. Most Kiwi businesses are not yet fully aware of the legal consequences of poor cyber risk management. Experience tells us the cyber breach litigation of LinkedIn and Target may soon be a reality for New Zealand firms. Recent commentary from the Privacy Commissioner confirms that the regulatory enforcement horizon will also heat up in the next 12-18 months. The Commissioner has indicated a desire for greater penalty and enforcement powers under the new privacy legislation regime.

In this environment, Megan Richards of MinterEllisonRuddWatts advises that “Kiwi organisations have a unique opportunity to adopt world-class (perhaps even world leading) cyber risk and crisis management processes, before the legal consequences of a large scale cyber breach bites – and to potentially avoid or minimise those consequences across the board.”

What can you do?

Having established, practised and thorough risk and crisis management procedures in place is key. This involves planning for three key areas:
  1. Pre-event – Make sure you understand what the key threats and risks to your systems are and that you have run an audit of your existing IT systems and what risks they pose. All staff should have an awareness of the basic risks.
  2. On suspicion of an event – It is important that all your employees know exactly what to do and who to notify. This can be done through regular communications to all your employees about individual responsibilities, or through training, like Safetrac’s online Cyber Security course.
  3. Post-event – Firstly you clearly need to contain the breach, and then go about the task of recovering data. Then it is essential to monitor the environment for a persistent threat. To help keep your systems clean moving forward and as part of on-going learning, document the steps taken. It is here where HR professionals can then communicate the lessons learnt to the business.
If you’d like to learn more about what steps you can take, you’ll find a “cyber security toolkit” to download here