It’s not common for companies to assign any ownership of cyber risk management to HR departments, but there’s a strong argument this needs to change. Considering the type of data HR manages and its strong links to virtually every other business department, a better link between HR and IT can drive stronger cyber defenses. This article describes the importance of HR’s role in cybersecurity by discussing the data it manages, the security risks it faces, and strategies that HR personnel can use to safeguard employees and the broader organization.
Types of Data Managed by HR
HR-managed data is often sensitive and is regarded as lucrative by cybercriminals, who try to access or exfiltrate it to commit identity fraud or extort ransoms from companies. Looking at the types of data HR manages clarifies why this department has a potentially vital and overlooked role in cybersecurity.
- Personally Identifiable Information (PII) about current and former employees, including names, addresses, Social Security numbers, dates of birth, and more. If mishandled or accessed by threat actors, this information is a treasure trove for those committing fraud…