HR professionals play a central role in an organisation’s preparedness and ability to recover in the event of a data breach or cyber incident.
As the threat landscape develops in the UK, more and more businesses are exposed to the risk of business interruption flowing from an inadvertent cyber incident or a deliberate cyber attack. This article sets out some of the top tips and considerations for HR professionals before, during and after an incident.
Pre-incident
Organisations that commit time, effort and resource in having robust and resilient information and security measures in place to effectively manage their data will be far better placed to contain, limit and mitigate any cyber attack when it occurs. Some of the best preventative actions an organisation can take include:
- Knowing what data you hold, where you hold it, and why you hold it:
- It is important that an organisation understands why it is holding data (especially, but not limited to, personal data) and how long it should be held for. Ideally your HR team should ensure that HR information systems are subject to robust record retention policies, including retention periods which are regularly audited and checked to ensure they are implemented. For each category of employee personal data, understand what legal basis applies to holding that data. For historic records that are not regularly used but must be retained for a certain duration (eg for employment claims), consider whether they can be encrypted and held separately from live systems. Ensure all HR systems are subject to rigorous access controls.
- Training and managing your team:
- Ensure that all members of your HR team are familiar with all relevant organisational policies that relate to the use, holding and retention of data – data protection policies, privacy notices, information security and IT use policies, subject access requests policies and processes, records retention schedules etc. But also ensure your team members adhere to strict protocols on how they use and circulate personal data of employees on a daily basis. For example, avoid having sensitive data sitting in multiple team inboxes or saved locally and limit the circulation of spreadsheets with lots of personal data. Consistent, good data handling can help avoid errors that lead to data breaches but also ensure overall better data hygiene in the event of an attack.
- Ensure your HR team is involved in designing and documenting an incident recovery plan:
- The HR perspective on how to manage a cyber incident effectively is a critical one – from the ability to call upon urgent IT and other internal support over a sustained period to get the organisation back up and running, to ensuring that any plan takes account of very practical issues such as how to contact staff if your IT systems are down.
During a cyber attack - the human impact
During the organisational chaos that will often result from a cyber attack, the very considerable impact on individual employees cannot be overlooked.
- Impact of a cyber attack on employee data:
- Very often a cyber attack will mean employee data has been affected. HR data is often, by its nature, highly sensitive and employees may be particularly anxious about the personal implications for them if their medical, disciplinary and/or financial and banking data has been compromised. Ensure that your organisation provides clear, regular updates to staff as well as to customers and other third parties. As an employer you have a duty of care to employees and it is important that you consider how to retain the trust of your staff in what will be a challenging situation.
- Impact on customer facing colleagues:
- If your organisation regularly deals with customers or the public then during a cyber incident any staff involved in these roles will need extra support. They need to be briefed and trained appropriately in order to handle likely questions and queries, and be supported in the event that they are subject to complaints, demands, upset or aggressive behaviour from third-party individuals who may be impacted by the incident.
- Impact of any recovery and investigation on colleagues:
- For colleagues within your IT and information security teams, the aftermath of a cyber incident can require very long hours with significant pressure and stress to contain any issues and get the organisation back up and running. Very often there are immediate internal and external regulatory investigations into the cause and effect of any incident to fulfil reporting requirements to the UK Information Commissioner and other regulators and third parties affected. Unfortunately, both of these activities are reliant upon the input of many of the same colleagues. Having access to additional (often external) IT and cyber support can assist in easing the pressure on internal teams at a critical time. HR teams should also think of other contingency measures around working patterns to avoid key staff being overloaded or burnt out and/or being absent through stress.
Post-incident
- Access:
- Be prepared that access to internal systems may be slow to be restored and may not be complete for some time. Prior HR input into a properly thought through incident response plan will ideally have identified business continuity measures that staff can implement in order to continue with their work. HR teams can put in place mechanisms to monitor the success of these measures in practice in order to enable staff to access IT systems remotely or to facilitate on-site working as far as possible in the days and weeks post attack.
- Business as usual:
- Be mindful of workarounds when systems remain down or only partially operational. This is a critical period during which efforts to get ‘back to work’ can translate into the (well-intentioned but ill-advised) use of personal email accounts with far less security, unrestricted and unsupervised access to documents, use of WhatsApp for business-critical information etc. HR teams play an important role in ensuring that compliant working patterns are restored as soon as possible, both within the HR function and across the organisation.
- The wider role of HR:
- The perspective of the HR team in reporting to the company’s board and senior management is critical to ensure there is a deep understanding of how the organisation is responding to the cyber incident and what can be learned from the human perspective. A well-handled cyber incident can promote great trust and confidence in an employer. A badly handled cyber incident can potentially destroy it!
Our cyber team is able to assist with any requests for advice and support on ensuring your organisation is compliant, ready and resilient. If you would like to get in touch please feel free to contact Hazel Moffat or Louise McErlean.