Local and county governments are entrusted with many types of personally identifiable information (PII), personal health information (PHI) and other sensitive data such as births, deaths, social security/social insurance numbers, property tax, deeds and medical records.
As keepers of such valuable information local governments need to ensure that security measures are in place to protect constituents' data from cyber attack. Here's how HR departments in local government can play an active role in reducing cyber security risks.
How HR Can Help Reduce Local Government Cyber Security Risks
Let's look at the numbers: 90% of security breaches occur because of internal mistakes1 and 60% of breaches are a result of internal attacks2. Why does this happen? Simply because the very traits that make us human (curiosity, ignorance, apathy and hubris) are the very traits that open us up to cyber security threats.
Couple this with the fact that local governments are prime targets for increasingly sophisticated cyber attacks because they are strapped for resources and budgets.
Even so, here's how HR departments can directly help to reduce cyber threats.
Foster a Culture of Security
Through data awareness and training, many security threats can be mitigated. As part of the onboarding process, new hires should be trained in policies and procedures related to data security. As well, continuing education for all employees such as how to spot phishing emails and smart password management should be mandated as security threats are constantly changing.
Employees at every level of the organization should be aware of the steps they need to take in the event of a security incident. Making employee handbooks and checklists available with the procedures in place for recovery and restoration is a must.
As well, local governments need to ensure that policies and procedures controlling access to sensitive data are in place. By following the well-established least-privilege principle means that employees are only granted the minimum access to data to perform their job function and only granted access for the minimum time necessary.
Human resources in local and municipal government settings working in conjunction with their IT departments need to remain vigilant in monitoring employee access privileges as roles and responsibilities frequently change over time. Enforcement of best practices related to passwords is essential to reducing risks.
Work Closely with IT and Management
Data protection technology helps all of us be more productive and efficient, but we also need to address the human aspects of data security. Here, HR departments working in conjunction with IT and management can play a significant role in helping organizations move towards reducing risk and keeping their organization safe from cyber attacks.
Want more information about HR and Data Security? Download the StarGarden White Paper.
References:
1.BM X-Force 2016 Cyber Security Intelligence Index
2. The Biggest Cybersecurity Threats Are Inside Your Company." Harvard Business Review. Marc van Zadelhoff. Sept. 19, 2016.