With so much at stake, businesses need to realise that cybersecurity is not an IT related issue, but everyone’s issue. The Human Resources team are the ideal people to help infiltrate a cyber resilient culture. HR teams work with people and form company policies, and therefore can help take care of most of the cyber security weak spots. Here are a few things you can do to work with the HR team to make a real difference.
Step 1 : First have clarity on HR’s role
Before your business drafts our a data breach plan, it’s important to first know and understand the responsibility that will be handled by the HR team. Make sure you have a team to help you make a Data breach response plan.
So, what is data response plan?
It’s a set of actions that helps businesses detect and respond to data breach incidents in a fast, planned and in a well coordinated manner
A data breach response team should include members from the following departments
- Information technology (IT)
- Human resources
- Public relations
- Customer care
- Executive leadership
Every team has own set of duties and responsibility in the data breach planning, typically the HR team has the following duties.
- Work with the legal team to know all laws are obeyed
- Create Policies and Procedures
- Help employees correct any issues caused by identity theft
Make sure the HR team is clear on the roles and responsibilities make sure to identity areas of dependency on other departments. Let’s say if any employee has faced cyber issues you will need to work with IT department to identity the technical issue and also to know what data was compromised.
Step 2: Identifying information to collect
A cyber attack will leave a lot of stressful days for management and employees due to disruption of operation, financial loss, filing law suits and much more, so it’s always better to be prepared in advance. Start off by creating a list of information that your team will need for creating a data breach response plan.
Majorly you will need information on time of the breach (When it happened, how long it lasted, how soon the issue will be solved). Also causation information like what or who caused the data breach, was it internal or external factor?
Information on data loss like, what kind of data is compromised? And finally some information from the legal angle like what local and national laws apply to data breach disclosures.
Step 3: Prepare response templates and procedures in advance
The best way to avoid any delays is to prepare templates for procedures and response plan well in advance.
Here’s some of the template you might want to start drafting:
- Employee notification template
This form will have general questions when an employee wants to report a data breach. Let’s say when and how the breach occurred or what steps should employee take.
- Definitions of cyber threats
You may want to list down basic definitions of some common cyber threats to aware your staff members.
- Communication Templates
Here you can list down templates on how your business will communicate with internal and external people in the event of a data breach. Let’s say if you need to communicate with your stake holders, this may include an initial communication (letter, email, phone call) that simply states that business is aware of the issue and is addressing it.
- Prepare sample FAQs:
Here you can list down frequently asked question by employees and department regarding a data breach. It will help you reduce efforts in answering the queries.
Step 4: Practice your response plan
Practice always makes things perfect. Data breach comes without your knowledge, its an emergency situation and so if it has not been drilled beforehand then you may not be able to secure your business at right time.
Following points will help you for successful drill:
- Hire 3rd party to test your data breach response plan
There are platforms which shall help test your response plan and will let you know where you stand and what preventive steps needs to be taken to improve.
There are multiple ways a hacker can get into your business network. It just takes one weak point or door ignored to turn down your business. Hence check multiple situation while you drill. For example A hacker exploited a vulnerability in your website and has compromised sensitive data. You may create a dummy site with some vulnerability, or send fake phishing attacks on employees to test if they are able to get phished.
- Analyse your loopholes
You may come up with many loopholes in your response plan, try and analyse all the points where you got right and places where you need improvement. Don’t worry if you failed, you just reduce the chances of them occurring during actual event. It’s rightly said success is the next step of failure.
Step 5: Take Preventive measures from data breach
The best way to prepare for a data breach is to prevent it from occurring. Make your staff the 1st line defender against cyber threats.
Ensure continuous cyber security awareness training for your workforce, investing in this will ensure your staff is well educated and don’t fall for the phishing scams. They will also be aware of the steps they need to take if they suffer a data breach.
You may include the following topics in training
- How to handle personal and business data
- Don’t fall for the Phishing scam
- Types of cyber attacks
- Recognizing and preventing various cyber attacks
Work alongside your IT department to create a robust cyber security plan. While there are many questions you must answer, here are a few fundamentals you should consider when developing your strategy:
- How will you encrypt files that contain sensitive data, like employee records and all other confidential data?
- What is the plan of action, if employee or customer’s data is exposed?
Create a security minded workforce
If you would like to improve your organisation’s attitude towards cybersecurity, it’s a good idea to invest in offering your employees security awareness training. HR can take charge to help build a data response plan and also educate employees.