Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

General Data Protection RegulationLatest NewsTech sectorHR strategyData protection

Cybersecurity is an HR issue, not just a matter for IT

by Rob Moss 12 Jan 2023
by Rob Moss 12 Jan 2023 Photo: Shutterstock (posed by models)
Photo: Shutterstock (posed by models)

Cybersecurity often feels like IT’s responsibility but HR and their colleagues in L&D are seen as pivotal in the fight against ransomware attacks, as recent cases in the media and communications sectors illustrate.

The Guardian newspaper and website has officially acknowledged that ransomware was to blame for a cyberattack that forced it to close its UK offices and restricted its print and internal IT operations from 20 December.

It has also told employees that those behind the cyberattack had gained access to some personal information of UK employees of the Guardian Media Group.

Staff have only been able to access the newspaper’s offices in King’s Cross, London, on an individual basis with the vast majority being told to work from home until February at least.

In a message sent to employees at the paper on Wednesday, CEO Anna Bateson and editor-in-chief Katharine Viner informed staff that the hack likely resulted from a phishing effort and entailed unauthorised third-party access to a portion of the company’s network.

About 1,500 people work for the newspaper worldwide, with 90% based in the UK. The personal information of the company’s employees in the US and Australia has not been accessed, staff were told.

“We believe this was a criminal ransomware attack and not the specific targeting of the Guardian as a media organisation,” said Bateson and Viner.

There has been no more information released concerning the persons or organisations suspected of being involved, and it is unclear if a ransom demand was made to the Guardian, nor whether any money was paid.

The incident has been reported to the UK’s cyber intelligence agency, as well as the UK police.

Cyber security

What has cyber security got to do with HR?

Payroll services at some firms disrupted after Kronos cyber attack

Five ways HR can improve cyber security

Data protection

Meanwhile, the Royal Mail has this week reported that a cyber “incident” has crippled its international letters and parcels operations.

According to Ciaran Martin, a professor at the University of Oxford and former chief of the National Cyber Security Centre, the “incident” was down to “malicious activity” and was likely to be criminal extortion.

He told the BBC: “You’re locked out of the system and there will be a demand, probably in broken English from a criminal abroad, to pay a lot of money in cryptocurrency for what is called a decrypt key to let you back into the system.” A full investigation of what has taken place would take some time, he said.

The frequency of cyberattacks has significant implications for HR. According to Brian Warszona, UK cyber growth leader at professional services firm Marsh McLennan, “HR is increasingly called upon to help determine and enforce employee data permissions, train and enforce cybersecurity policies and procedures, and help respond to cyber events involving employees.”

Increasing HR involvement

He wrote in a blog that HR’s increased involvement was due to a “more active regulatory environment, the pervasive use of technology and devices in employees’ work, and recognition of the importance of a strong organisational cybersecurity culture”.

Warszona added that employees’ data and security practices were critical determinants of business cybersecurity, with most executives recognising that the largest threat to their organisation’s cybersecurity was employees’ failure to comply with data security rules, not hackers or vendors.

The growing risk of cyberattacks has seen a significant increase in cybersecurity training with searches for “cybersecurity training for employees” rising by more than 110% over the past four years, according to global compliance eLearning provider, DeltaNet International.

Shortage of cybersecurity skills

The surge in demand for cybersecurity awareness training comes amid continuous shortages for cybersecurity skills. This suggested that employers were looking to their entire workforce to be more aware to reduce the likelihood of cyber-attacks.

Jason Stirland, CTO at DeltaNet International, said: “Training employees is a step in the right direction, but the job is nowhere near done. For example, testing employees with phishing simulation messages are integral to the learning process. As a result, IT and HR teams can understand which employees might be a higher risk and therefore require further training and support.

“Employees across the board, from HR to finance, access critical data, so training everyone in the business on cybersecurity awareness issues, from understanding how to spot phishing attempts to preventing data breaches, is vital. Cybersecurity is not just an issue for the IT and security teams in organisations; it’s an HR issue.”

Latest HR job opportunities on Personnel Today


Browse more human resources jobs

Rob Moss
Rob Moss

Rob Moss is a business journalist with more than 25 years' experience. He has been editor of Personnel Today since 2010. He joined the publication in 2006 as online editor of the award-winning website. Rob specialises in labour market economics, gender diversity and family-friendly working. He has hosted hundreds of webinar and podcasts. Before writing about HR and employment he ran news and feature desks on publications serving the global optical and eyewear market, the UK electrical industry, and energy markets in Asia and the Middle East.

previous post
100,000 civil servants to strike on 1 February
next post
What is organisational culture?

Leave a Comment Cancel Reply

Save my name, email, and website in this browser for the next time I comment.

You may also like

Interserve fined £4.4m following employee data breach

24 Oct 2022

Do your employment contracts address modern legal risks?

11 Oct 2022

GDPR to be scrapped in favour of UK...

4 Oct 2022

Women’s health, the workplace and ‘big data’ –...

19 Aug 2022

Employment law changes for 2022 and beyond: update...

1 Jul 2022

What has cyber security got to do with...

29 Jun 2022

Queen’s Speech: Exclusivity contracts for low-paid workers to...

9 May 2022

Ikea France fined €1m for spying on staff

15 Jun 2021

Goldman Sachs orders staff to disclose vaccine status

11 Jun 2021

Rail staff falsely promised bonus in cyber security...

11 May 2021

  • The Workplace Today Guide: Why it pays to support your staff’s financial health PROMOTED | The cost of living crisis has hit...Read more
  • abrdn pensions master trust: an enhanced member experience PROMOTED | For most people, their pension will be the largest source of income in retirement...Read more
  • How can HR equip leaders to support a wounded workforce? PROMOTED | The World Health Organisation (WHO) has released new guidelines for employers...Read more
  • How HR manages absence and hybrid working (survey) WEBINAR | HR professionals are slowly realising...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2023

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2023 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+