Cyber-security, GDPR and HR Professionals
You may have read the previous HR article ‘Explained: How does GDPR Affect HR?’
That article sought to raise awareness of the legislative implications of GDPR for HR departments. In contrast, this one seeks to raise awareness of why GDPR is necessary.
2017 saw at least 6 publicised cybersecurity breaches. In non-techie terms, this meant that crooks and fraudsters stole people’s personal details.
From bank details to identities, the intent behind the theft was to either damage an organisation or extort money from the people whose data they stole.
For example, Lloyds Banking Group was the first victim of 2017. The attack resulted in a ‘denial of service’. While customers were temporarily locked out of their accounts, it seems that the bank’s security was good enough to limit the damage. Thankfully, no data or money was stolen. The NHS was the second organisation to fall foul of cyber criminals, followed by Abta, Three, Wonga and Debenhams.
75% of SMEs have experienced a cyber breach
According to the CIPD (Chartered Institute of Personnel and Development), aside from these 6 publicised cases, some 75% of SMEs have been through a cyber breach. Most of these breaches are never publicised. Furthermore, 46% said they had at least one cyber breach a year.
96% of Breaches are Down to Human Error
Clearly, cyber attacks and cyber security breaches are a growing issue. The CIPD also found that in 96% of recorded instances, the breaches are down to human error. In addition, when they interviewed HR professionals, 47% of them had no idea when the cyber resilience of their organisation was last reviewed. Given that only 22% of HR professionals had looked at human risk, the introduction of GDPR is hardly surprising. The intention behind this regulation is to provide every individual who is in the EU with greater protection over their data.
While GDPR might seem like a lot of unnecessary paperwork, when considered with the above, it does make sense.
This is why it is so important that HR departments consider which steps they can take to change attitudes towards data and the way employees treat it.
Organisations that have not done so already have between now and May to formulate their GDPR policies. Our article Explained: How Does GDPR Affect HR? will help you figure out where to begin.
The CIPD suggests that when formulating this policy, HR should consider company culture. They need to find ways to train staff to feel a responsibility towards the data they handle. They also recommend proper vetting of new starters’ qualifications and references, and background checks.
As HR professionals, we all need to ensure that we, as individuals, understand how to remain compliant with new GDPR policies. We also need to ensure that we can keep data safe from cybercrime.
If you would like to get ahead and brush up your knowledge, the government has teamed up with the CIPD to create a free cyber security module for HR professionals.