February 15 2017 - If you haven't heard the words cyber attacks, cyber security or cyber crime over the last few years, then where have you been?
The news has been filled with details of cyber attacks on businesses and even households. The methods that criminals are using are increasingly intelligent and as soon
as authorities work out ways of detecting and/or protecting from one method, a new method appears.
Many large businesses have already been impacted. Last year there were incidents reported that Twitter and PayPal, some of the largest websites have been impacted.
This pattern of criminal acts does not look like it will slow down any time soon, despite the
government investing heavily in cyber security and pledging to do so for the next
few years. Cyber criminals are certainly not about to stop what has become a very lucrative method of acquiring money.
If you are responsible for protecting customer or staff data then you must take any measures that you can to protect from data theft. A question that HR workers
often debate is, who is responsible for the protection of data? There is a common perception that this sits in the remit of the IT department, and this is, in part correct.
However, if you work with sensitive data then it is your responsibility to protect that data. Your IT department can install software that will protect your hardware and other
systems as much as they can but often data loss can be through the carelessness of HR personnel or workers in other departments that have not taken the correct measures.
IT should have policies in place in regards to back ups and recovery of files like
sql database recovery for example, but if someone is careless with data then
all the efforts made to protect data from a systems point of view is pointless. This is why the education and training of all staff that handle data is crucial and is highly regulated.
If you work in a HR department then you or your colleagues probably own a number of policies. Depending on the structure of your business, the data protection policies
could sit within your department or you may have people in specialized IT roles that look after the governance of this. Either way, there is still a huge responsibility for both
departments and the business as a whole, to ensure policies are complied with.
The increasing threat of cyber attacks means that businesses are required to invest more time and effort into cyber security. This means additional roles created,
additional training conducted and evidenced and also additional consequences for failure to comply with regulations. If your company needs some advice or help in this area, you
should speak to your regulators if you have any. If you don't have any in your type of work, then you can get lots of information from dedicated cyber security websites that are
provided by the government for businesses to use.