What Do HR and Psychology Have to Do With Cyber Threats?

Where is the Real Threat?

In an internet world festooned with apps, we know it’s important to use strong passwords to secure our own email, social media accounts, and electronic devices. On the corporate side, another important consideration is the role that humans play in cyber threats. People with access to big data, personal information, intellectual property (IP), and critical infrastructure (e.g., power supplies, water treatment, hospitals, railways) can sometimes be the weak link in the chain.

HR as Part of Risk Management

For a while, I’ve been thinking about cyber crimes and cybersecurity and how to adapt what I learned and applied when I worked in a very secure (Top Secret) environment. In that workplace, we were extremely careful about how people were hired. Also important was how they were treated after being hired. I call my adaptation of those processes and policies “HR as Part of Risk Management.” I’ll admit that this may not be a stylish title, but it does address something that most approaches to risk management are missing.

Employees: Often the Weakest Link 

Consider a 360-degree Solution

Traditionally, risk management includes “human factors,” but to date, relatively little attention has been paid to this source of risk. Normally, 90% of our collective efforts have focused on technical or IT-related interventions to protect us from cyber threats. Yes, these are important. However, to focus on them and not address the human element, psychology, or employees’ behaviour is like locking the front door but leaving the back door open. The fact is that sometimes security breaches reported as cyber attacks are caused by actions that take place inside the organization. As Dermot Williams, the CEO of IT security firm Threatscape says, “when it comes to organizations, often the employees who are the weakest link.”

Although I have a lot more to say on this topic, for now, I’ll share an article that I wrote called Is Cyber Security Alone Ever Enough?, published in FrontLine Security in October 2016. Take a few minutes and read.







If you’d like to see my more recent articles/podcasts on this topic, here are some updates:

Corporate Security Hinges on its People

Sources Of Insider Threats: They’re Not Always What You Think …

The Insider Threat Podcast


Contact me by email, phone, or via direct message on Twitter, Facebook, or LinkedIn if you’d like to discuss any of these topics or consultations in more detail.

