Friday, 11 October 2019 01:25

Fast-growing companies face cyber security challenges, vulnerabilities


Fast-growing companies face security challenges when their HR departments become overwhelmed by a myriad of demands that didn’t affect them as much when they were smaller. The resulting pressure can open up cyber security vulnerabilities while staff are distracted by the various administrative and compliance tasks associated with onboarding and offboarding employees.

To help combat this, fast-growing companies need to be aware of the risk and need to take appropriate measures to address the resulting security vulnerabilities, according to global cybersecurity company Palo Alto Networks.

Steve Manley, regional vice-president, Australia and New Zealand, Palo Alto Networks, said, “Overwhelmed HR departments may not think that cybersecurity is within their remit but, in today’s high-threat environment, keeping the organisation safe is absolutely part of their responsibility”.

“There are various ways HR departments can do this and it all starts with awareness. If HR departments take a blinkered approach that assumes the IT team will take care of security, then the risk of suffering a major breach will increase exponentially. Putting adequate security in place doesn’t have to be onerous; it just takes attention.”

Palo Alto Networks has identified five areas in which it says the HR department needs to act to address potential security threats:

1. HR apps

As companies grow, they need to migrate their HR apps to more robust systems. This opens windows of opportunity for cybercriminals to attack and for confidential employee information to be compromised. It’s therefore essential to build security policies into these migrations and to choose apps that have a proven approach to security.

This can be even more important as HR teams adopt mobile apps that let employees access HR functionality through their smart devices, as this can create a weak link if the device is compromised. The organisation should, at a minimum, require that smart devices with access to HR apps have two-factor authentication.

2. Identity and access management (IAM)

As the workforce grows and more employees require remote access to systems, it becomes essential to upgrade IAM control measures to support a larger, more fluid employee base. Responsibility for this should be shared among the HR team, IT, and line of business managers.

Clear communication is required to ensure employees have access only to what they absolutely require to do their jobs, and that access is revoked the moment an employee leaves the organisation.

In a fast-growing company with many employees coming and going, it’s not uncommon for access rights to still be in place long after an employee has left, which opens up significant breach opportunities.

3. Employee onboarding and offboarding

The workload around employee onboarding and offboarding can be complex and burdensome. As well as managing forms and confidential information such as payroll details, HR departments need to ensure that employees have the right tools to do their jobs and access to the right systems.

It’s essential to ensure that employees are provisioned correctly at the start and that they hand back all devices and access when they leave. Managing this process gets more complex as the company grows, as there are more apps and business systems that employees need to access.

An automated approach, such as triggered alerts that are sent to the IT team, can potentially help address this issue and close the security loopholes that occur when the HR team forgets to retrieve devices and change passwords.

4. IT asset access and tracking

Related to IAM and onboarding/offboarding, tracking and managing IT assets is increasingly complex as the company grows. IT can sometimes lose visibility of who is in the organisation and has access to what systems and devices unless the HR team stays on top of this.

Furthermore, while some employees may work part-time and bring their own devices, others may work full-time and have devices provided for them. Ensuring all devices are properly managed and secured is essential to protect company data, so new systems and processes need to be considered to secure important information.

5. IT security training

According to the latest notifiable data breaches report from the Office of the Australian Information Commissioner, 34 percent of cyberattacks happen because of human error, which can include ignorance or laziness.

The most secure organisation is one in which there is a culture of security, and the HR department plays a significant role in setting and reinforcing this culture. IT security training and education must be stepped up to ensure internal behaviour matches the increased risk profile of the organisation. Training must be ongoing and it must resonate with all staff members, and be reinforced through simple measures like gamification.

“Every organisation, regardless of size, is a potential victim of cybercrime. Fast-growing companies can face additional risks because the frenetic pace of growth and expansion can often mean basic security measures get lost amidst the need to move fast and be agile,” Manley said.

“The HR department must be aware of its responsibilities and work with the IT department and line of business managers to help keep the organisation secure during the vulnerable growth phase.”




Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).


