There’s no excuse for HR to be in the dark about cybersecurity

cybersecurity security
Bianca Healey


written on May 15, 2017

The global ransomware attacks of the past few days have placed cybersecurity back in the spotlight. As it becomes ever more obvious that the protections many organisations have in place are inadequate, HR needs to ensure their company is on the front foot when it comes to cybersecurity.

Over the past few days the world has been put on edge by the news that at least 200,000 computers in 150 countries were hit by a global cyberattack that disrupted operations at car factories, hospitals, shops and schools. It’s led officials to call for greater accountability for governments and organisations to ensure cybersecurity at their workplaces.

The attack, known as WannaCrypt or WannaCry used vulnerabilities in older versions of Microsoft Windows to lock users’ files and demand a ransom of $300 in bitcoin to release them. Microsoft pinned blame on the US government for not disclosing more software vulnerabilities, much of the vulnerability can be attributed to many organisations neglecting common sense cybersecurity measures.

For example, infected computers appear to be devices that organisations deemed not worth the price of an upgrade or, in the case of manufacturing or hospital workplaces, functions that proved too difficult to patch without possibly disrupting crucial operations, according to security experts.

Cybersecurity in Australia

Most Australian businesses have been spared from the attack by the WannaCry ransomware, although reports are still coming in about attacks across the Asia Pacific region, including 200,000 computers which have been affected in China and limited attacks in Japan. The federal government says only three Australian companies have been confirmed as being hit so far and critical infrastructure has not been damaged by the attack.

However, the government is warning that this “is not game over” in the battle with hackers.

For many small and medium-sized Australian businesses, the risk is in the gap between perception and reality when it comes to risks.

Almost a third of New South Wales small businesses have been victims of cybercrime, according to a new study from the Office of the NSW Small Business Commissioner.

SMEs can expose themselves to cyber risks doing things as simple as using email or taking a phone call, however 50 per cent of businesses think that limiting their digital presence to a business website and social media will protect them from cybersecurity risks.

Robyn Hobbs, NSW Small Business Commissioner says while SMEs may not have access to IT forensic consultants or in-house cybersecurity teams, there are simple ways for small businesses to manage cyber risks, including educating and training staff, continuously updating software, using two-factor identification for emails and payments, and encrypting important customer files.

Another area of concern is Australia’s IT skills drought.

As the ABC reported earlier this year, Google is set to launch a hiring raid for quality hackers, a move likely to exacerbate skills shortages.

The number of people taking up information and communications technology degrees has halved over the last decade, according to the Government’s Cyber Security Strategy.

The skills shortage is also impacting government agencies, which must compete with the tech giants to recruit cyber security professionals. The federal government expects demand for cyber security services and related jobs — such as legal services, insurance and risk management — to grow by at least 21 per cent over the next five years.

(How can you find and hire the best tech talent? Read our guide)

How HR can best ensure cybersecurity

HR needs to have digital intelligence to ensure that they have the ability to recognise threats and hire or work with cybersecurity experts to minimise exposure to risks and educate staff.

However this does not require a degree in computer science; instead, an awareness of the current landscape and a commonsense approach are important first steps.

  • While focusing on external cyber-threats, many organisations don’t consider the cybersecurity risks posed by their own employees. Read our legal guide to ensure your employees are a help and not a hindrance to your cybersecurity.
  • If information gets leaked or someone in an organisation is the victim of a hack, the responsibility to manage the fallout will land with HR. It’s imperative for HR to have a cybersecurity plan in place to put up the best defense against a data breach. We speak to a cybersecurity expert about the correct steps to take.
  • In response to the attacks, Microsoft has put together a special page to assist those who think their PC could be at risk. You can read it here.


Hone your professional skills and advance your HR career; register for the short course Attracting and Retaining Talent to secure the right tech and IT talent for your organisation.

Don’t miss out on more great content like this.


One thought on “There’s no excuse for HR to be in the dark about cybersecurity

  1. Cannot agree with you on this occasion Bianca. It is not our job to manage this issue. We are not trained for it, and it is the job of the company’s I.T department to prevent, manage, and resolve. It would be analogous to getting the I.T Department to take over the management of a HR function, such as recruitment or performance management. HR is getting loaded up with too many functions that are outside of its core competencies, which is diluting its effectiveness. Just as the old saying goes: “When you try to become all things to all people you end up becoming nothing to everyone”

To comment on this article please provide your name and email address. Your email address will not be available publicly.