Privacy in the workplace: cyber security and HR

With more than 14 million internet subscriptions, much of Australia is now spending a large proportion of time online both at home and in the workplace.

The implications of online behaviour on your organisation’s HR needs are extensive and, to make matters more complicated, they’re changing every day. The recent allegations of Russia’s influence on international elections, as well as the Facebook/Cambridge Analytica scandal, have brought cyber security to the forefront for individuals and businesses. Perhaps the best indication locally that cyber security is gaining prominence is the enormous increase in interest by high school graduates in Edith Cowan University’s renowned cyber security stream.

Fairfax media reported in January that cyber security related courses at Edith Cowan University experienced the biggest increase in interest of any university study in WA, with triple the amount of preferences compared to 2017.

But what implications does this have on your business, and what rights do employees have with regard to their work emails, internet browsing history or use of business property at home?

How cyber security can impact your business

Online security breaches occur daily, with a 2016 report by Telstra highlighting that 81% of businesses believe they may have been victim to data breaches.

All businesses should therefore assume that a data breach of their systems is likely to happen and be sure to incorporate this into their crisis and HR management planning.

“It is a fact of life now that all businesses are at risk of data breaches, leaks or unsolicited sharing of confidential information,” said WCA Solutions’ principal Heather Warner.

“In the majority of cases these breaches are accidental, although the Telstra report shows in 60 per cent of cases employees are deliberately targeted by outsiders and in 50 per cent of cases the breach is instigated deliberately by a malicious employee.

“Without a doubt, employees are your most valuable asset, but when it comes to cyber security they can also be a business’s largest liability.”

Heather suggests a multi-pronged approach to mitigate cyber security risks.

“Regular staff training on IT matters and cyber security cannot be underestimated – ensuring your staff have the knowledge to avoid inadvertently being targeted can go a long way to reducing the risk to your company.

“In addition, having robust HR policies and procedures in place to identify and manage disgruntled employees, and acting on those effectively if a breach is suspected or confirmed, is now integral.

“It’s vital HR and IT work together to both understand the potential for breaches, weak spots in the system and the employees who are most likely – knowingly or unknowingly – to cause problems.”

Employee rights

Not to be forgotten in the desire to protect business security are the rights and needs of your employees.

High speed internet, access to cloud services and access to laptops and mobile devices outside of the workplace are now all common expectations for employees in a range of industries.

“Once again, your human resource team need to work closely with IT to manage security for those employees who are working offsite, or undertaking work from home,” Heather said.

“Employees working from home will usually utilise their own internet service provider, their own antivirus technology and may email themselves work to finish after hours, which contains sensitive information.

“The role of HR in cyber security is to find that difficult balance between the employee’s right to request flexible working arrangements and their need for autonomy in their role, while also protecting the business from malicious attacks, data leaks and viruses.

“Business owners and managers must anticipate they will experience a cyber security breach. My advice is to proactively prepare for that now by bringing HR and IT to the table and devising ways to reduce risk, detect anomalies, train employees and deal with breaches quickly and effectively.”

Contact WCA – People & Culture Solutions if you require any assistance with your staff training and policy/procedure requirements on (08) 9383 3293 or