Planning your 2017 HR Strategy: Cyber Security in the Workplace

As Christmas draws ever closer, it is timely to review the HR issues that have arisen for your organisation during the course of 2016 with a view to planning your strategy for 2017.

The Employment Team thought it would be helpful to prepare a series of Insights to highlight some of the major issues in employment law that have dominated during the course of the last 12 months and will continue to do so. These are the areas which should form part of your HR strategy for 2017.

In the first of this series, we look at the major challenge of cybersecurity in the workplace.

The use of social media in the workplace has now become the norm and indeed it is an important and useful business tool. There are now over 450 million registered users on LinkedIn with two new members every second. Similarly, Facebook has seen an increase in active users to 1.71 billion which is a 15% increase on the 2015 figure. Staggeringly, 31 billion minutes per day are spent on Facebook and much of that is during working hours. Twitter has 284 million active users with over 500 million tweets per day. Social media and the use of technology is here to stay and businesses must embrace it or be left behind. However, it brings with it challenges and cybercrime is undoubtedly one of those challenges.

Cybercrime is the fastest growing industry in the world with an annual cost to the global economy of over $400 billion. Businesses must approach the issue of cybersecurity and cybercrime from the assumption that they will be subject to a successful cyberattack and therefore all business must have an Incident Management Action Plan in place in advance. Ireland is seen as a prized target for cybercriminals given the large presence of US multinationals and tech companies here. On the flip side, Ireland is also home to the world’s top five security software firms and is viewed globally as a cybersecurity practice and innovation hub. However, inadequate training of staff on cybersecurity risks is often a factor identified as one of the main challenges for employer’s cybersecurity. In September 2016, the Central Bank issued their Cross Industry Guidance in Respect of Information Technology and Cybersecurity Risks and, while that document focuses on the financial sector, it is a very useful document for all business owners and HR professionals to review with a view to putting a cybersecurity action plan in place. That document highlights that is it no longer sufficient to leave the issue of cybersecurity to your IT Department and it is important that roles and responsibilities within the organisation in managing IT risks and emergency and crisis decision making are clearly identified, documented and communicated to all staff.

The law is not keeping pace with technological developments and that is providing a practical challenge for employers in dealing with employees who are using social media on a daily basis. However, the introduction of a Social Media Policy and training for all staff on cybersecurity issues is vitally important and is the first line of defence in any cybersecurity strategy.

Equally, the issue of ownership of accounts and contacts is something which employers are finding increasingly challenging and the only way to deal with that is in contractual clauses and policy documentation. Remember that LinkedIn’s own terms and conditions state that ownership of a LinkedIn user account remains with the individual. Therefore, in order to override that, an employer must have in place contractual clauses and policy clauses dealing with contact databases built up during the course of employment. Restrictive covenants which include a non-solicitation and non-dealing element are vital in this regard particularly for your key and senior members of staff.

The security of data is a major issue now with the General Data Protection Regulations due to take effect in May 2018. Cybersecurity must be at the top of your HR strategy agenda for 2017.

Action plan – Review your cybersecurity strategy and put an Incident Management Action Plan in place. Review or implement a Social Media Policy setting out expectations and rules and regulations for all staff and make sure that it is effectively communicated across the organisation.

For more information on the content of this Insight contact: