Top Challenges
Tools to Help
HR managers face a number of challenges when handling shrinking agency budgets and shifting priorities. These challenges are all amplified when combined with attempting to strengthen an agency’s overall cyber posture, including:
While HR professionals have many decisions and priorities to balance in addition to cybersecurity, it can help to break cyber priorities down into predicting, preventing, responding to and detecting threats through these methods. HR mangers can also leverage:
1. Evolving threat agents: One priority for HR professionals is to know the cyberthreat landscape and keep up with the latest types of attacks. Cyberthreats are not just individuals seeking personal gain anymore. They’ve evolved into social, political attacks funded by larger organizations and even nation-states. This makes it even more difficult for HR professionals to help equip agency staff against threats when cyberattacks are getting larger and more unpredictable. 2. Shrinking talent pool: With government agencies already understaffed and an entire generation of boomers getting ready to retire, the pressure is greater than ever on HR managers to recruit and retain highly qualified professionals for cybersecurity. HR professionals will have to be more creative in collaborating with academia and other institutions to build talent pipelines for the cyber workforce. 3. Multiple priorities: In addition to hiring and training for cybersecurity, HR professionals must juggle a number of other priorities in the cybersecurity realm. These include knowing how to identify disgruntled employees and potential insider threats, enforcing regulatory compliance, employee security education and protecting critical human resources data (such as sensitive information of employees).
• Intensified hiring practices: The thorough vetting of employees to defend against insider threats. It’s important to consider additional scrutiny for sensitive roles and to compartmentalize data and access accordingly. HR managers should be sure to minimize access to an agency’s vital data, including when employees shift roles. • Online, anonymous reporting portals: Tools to help employees report any suspicious activity. This is especially important for spotting any disgruntled employees who could become malicious insider threats. Additionally, HR managers should reinforce peer reporting of mounting issues and keep track of any variant behavior in technology use. • Web-based security awareness training: Online educational sessions for employees about key cybersecurity issues, like information protection, password security and mobile security, that can easily be integrated into an agency’s current program. HR leaders can then customize the training, provide communication tools and deliver other services to help meet the agency’s particular security awareness needs and goals. • Social media profiles within the cybersecurity community: Engagement with potential cybersecurity hires that takes demographics into consideration. Agencies should ensure that HR managers set up accounts and profiles across various social media channels. HR managers should then engage young and entry-level talent such as students in college or even high school and create. They should also maintain an active social presence on professional networks like LinkedIn, Twitter and Facebook.
15