While nurturing a safe and secure environment for staff has always been central to business success, this pursuit has become increasingly difficult in recent years. Faced with a 7 percent increase in property offenses, an almost 20 percent rise in cases of retail theft, and close to a 40 percent increase in cyber-attacks, teams have had to adapt their threat prevention capabilities.
For both small and enterprise-level businesses, proactively protecting people and assets has become a continuous process, requiring frequent updates and adjustments to existing security measures to reasonably mitigate threats. While much of this work is performed by security professionals, HR staff play an important role in ensuring solutions work correctly.
As commercial security systems become more advanced, more training is required to ensure staff operate essential tools safely. For teams to defend against modern criminality, leaders must understand HR’s role in continuous training to stay ahead of emerging security threats.
What is HR’s Role in Security?
To understand the importance of HR concerning threat prevention, we must discuss how HR professionals support security teams in the design and implementation of protective measures. While security officials are well-positioned to design effective security measures, it’s HR leaders who will be responsible for ensuring employees operate systems effectively.
HR professionals uphold business security practices through:
- Recruitment – Ensuring new hires meet the organization’s standards and pose no threat to the company with regard to criminal records or previous grievances.
- Cybersecurity – With 74 percent of US companies offering some form of hybrid work, HR teams must be able to ensure staff access and utilize key company assets safely.
- Investigations – If violations of security codes or criminal incidents are suspected, HR professionals will be responsible for leading investigations into these situations.
- Staff training – As a conduit between business leaders and general employees, HR teams must translate security information into actionable and easily understood rules.
The Importance of Continuous Training
While digital transformation and the continued adoption of smart solutions have helped many businesses optimize their operations, the implementation of novel technologies can come with some significant downsides. Primarily, malicious actors have unprecedented access to tools and information that could be used to harm businesses and steal sensitive information.
Research suggests that a new cyber-attack is detected once every 14 seconds, with viruses, ransomware, and other malicious software constantly evolving to circumvent existing security measures. This same principle can be applied to physical security threats, with criminals finding new ways to exploit business security policies and manipulate unsuspecting workers.
Experts at Stanford University found that 88 percent of security breaches suffered by commercial organizations are caused by some degree of human error. Contributing factors include the 83 percent of Americans who use weak passwords, the 42 percent of employees who admit to opening unverified links in emails, and the 47 percent of people who regularly use unsecured public Wi-Fi.
To reliably prevent the security incidents that stem from these practices, HR teams must commit to continuous training programs, helping employees stay ahead of emerging security threats.
Key Considerations for Continuous Security Training
For HR professionals to carry out effective continuous training programs, teams must identify the key security threats facing their organization. While digital and physical security practices are becoming increasingly converged, it can help to separate these principles to some extent when it comes to security training, to simplify guidance for general employees.
With this in mind, below is a range of key physical and cybersecurity best practices for HR professionals to consider when designing and implementing continuous training programs.
Physical Security Considerations
- Access control – Policies must be in place outlining the safe use of access control systems, including how staff are to use and store personal credentials. Implementing a commercial door entry system with keyless entry capabilities should be considered, as credentials can be stored and encrypted on staff members’ smartphones, removing the risk of lost or stolen physical key cards or fobs.
- Tailgating – In relation to access control, staff should be frequently trained in how to spot and prevent tailgating incidents. When using access readers, staff must be told to check that no unauthorized persons have followed them into secure areas, while visitor management systems must be in place to issue guests temporary credentials.
- Emergency preparedness – Continuous training should cover emergency response plans for all common threats, including evacuation, active harmer, natural disaster, and lockdown protocols. Staff must know where to find written documents covering these policies and updates to any of these plans must be communicated immediately.
- Threat identification – Employees must be made aware of how to identify and report suspicious activities with speed and efficiency. Can staff report incidents via a secure messaging platform? Do they know who to report specific threats to? Are automated alarms or panic systems in operation and do staff know how to use these systems?
Cybersecurity Considerations
- Social engineering – Social engineering is involved in 98 percent of cyber-attacks. Staff must be continuously reminded to never open unknown links in emails, never download unverified email attachments, and to contact internal cybersecurity teams if they receive suspicious communications sent to their business email accounts.
- Password security – Over 60 percent of people use the same password across multiple accounts. Continuous training should cover how to create strong passwords and the importance of regularly changing passwords, as well as how to implement advanced protections like multi-factor authentication and data encryption software.
- Network security – Especially important for hybrid and remote workers, staff must understand the risks associated with unsecured public networks. Business accounts and company-owned devices should never be connected to public Wi-Fi networks. Virtual Private Networks (VPNs) must be used to protect sensitive data, and workers must be told to never access business-related software from personal computers.
Summary
As common threats facing commercial enterprises continue to evolve, HR personnel must commit to continuous training programs designed to protect employees from security risks. By regularly liaising with security teams to identify and analyze emerging threats, HR teams can develop effective training programs capable of strengthening existing security postures.