6 Ways Employee Comms And HR Can Boost The Cybersecurity Of Their Organizations


Learn how employee communications and HR can strengthen your organization’s cybersecurity. Follow these six proven strategies and stay ahead of the game!

The corporate world’s increased dependence on digital technology has turned company security into a top priority for business leaders—if it wasn’t already.

According to the Gartner 2023 CIO and Technology Executive Survey—which included 2,203 CIO respondents in 81 countries and all major industries—cybersecurity was a primary focus for the year, with 66% indicating increased investments in cyber and information security. Exploits like malware, phishing scams, and other viruses affect everyone, from local family businesses to large corporations. Hackers commit cyberattacks daily, so companies of all sizes must prioritize cybersecurity and invest in measures to protect their data and systems. 

The number of risks to business security increases as technology continues to evolve, and both industry leaders and hackers learn to adapt and use it to their advantage.

As four in ten businesses (39%) regularly become victims of breaches, it’s no wonder that 77% of businesses say cyber security is a high priority. Cyberattacks put revenue, intellectual assets, data, reputation, and business continuity at risk and increase the prospect of regulatory (GDPR) financial penalties.

And while cybercrime is one of the biggest threats businesses face, there is a silver lining. In addition to increased investment in security software, HR and internal communications (IC) departments can have a real impact on helping achieve cybersecurity outcomes. Here are a few ways HR and Comms teams can boost cybersecurity from the inside out.

#1 Communicate Your Internal Cyber Attack Prevention Strategy

Like any crucial internal messaging, you must sustain the communications rather than blast instructions in the midst of an incident. No one will remember the protocol without a steady communications drip throughout the year. The new HP Wolf Security report found that over half of the employees who believe security measures result in a lot of wasted time—also didn’t know what their companies’ security policies were or if they even had security policies. Every employee must know what actions to prioritize before a crisis happens to ensure the swiftest recovery.

Employee communications platforms like Poppulo can be a go-to point for real-time updates and information, ensuring everyone is clear on what to do. That’s especially true for remote employees, who may not have tech support staff to answer questions. Sharing information and collecting feedback will equip your team with thought-out solutions to prevent future attacks and unsafe behavior.

#2 Adjust Your Messaging

Another benefit to employee communications platforms is targeting your message to specific groups of employees within a given department, regional office, or production site. Different teams will face different vulnerabilities if a cyber security threat occurs, so each team needs to know the best way to respond within their department to ensure the entire business’s safety. With effective internal communication, you can tailor your cybersecurity advice and instructions in a relevant, engaging, and meaningful way for each type of user.

#3 Train All Employees on Cyber Security

Among the root causes of cyberattacks, human error is number one—responsible for an estimated 82% of data breaches, according to Verizon’s 2022 Data Breach Investigations Report. Whether it is the use of stolen credentials, phishing, or simply an error, people continue to play a large part in incidents and data breaches alike.

Hackers are constantly developing new tricks and ever-more sophisticated ways of stealing information, so routine cybersecurity training should be integrated into your business operations. Everyone should have at least a basic understanding of safety, security, and privacy fundamentals. Providing training will help all employees know how to implement the best practices for cyber risk management and give them more confidence to know what to do if there is a breach.

How can this be done? HR and the internal communications teams can ensure that everyone is aware of security training assignments, they can send reminders to those who haven’t completed training on time, and they can track engagement with security training messages to identify gaps—such as particular departments or locations with low engagement. 

#4  Incorporate Cybersecurity Into The Work Culture

Cybersecurity is an initiative that requires aligning and working collaboratively across an organization. Organizations usually view cybersecurity as a list of dos and don’ts while online, but it should be more than that. Cybersecurity needs to become part of the broader workplace culture. Telling employees to “be careful” may make them take notice for a minute, but they’ll quickly forget as they move on to their next task. So how do you keep cybersecurity top of mind?

HR teams can drive a security-first mindset by ensuring employees know what is expected of them to keep the organization safe from cybersecurity threats. The IC department can reinforce cybersecurity messages through everyday communications, events, and interactions. Together, HR, IC, and IT enable a security-first mindset among employees through policies, practices, messaging, and communications to ensure that everyone knows their responsibility for protecting the organization and their team members.

#5 Make Cyber Security Engaging

Cybercriminals and the threats they impose are serious matters—but how cybersecurity is typically framed in the context of the workplace simply isn’t that interesting. Comms and corporate training professionals have to walk a fine line between causing panic and creating engagement when it comes to topics like cybercrime. Often, IC and HR departments err on the side of dry and formulaic in an attempt to prevent panic—but that also reduces engagement and retention. While this isn’t necessarily their fault—since most security training is purchased through a third party or designed by IT—they can certainly devise a comms strategy to drive interest in the training among employees. 

Painting a detailed picture for your employees will help them understand the gravity of potential risks and stay alert for anything suspicious. Examples of actual or hypothetical phishing emails can help engage employees’ skepticism or provide a visual aid to answer any lingering questions about what to do in a situation. 

Remember, knowledge is only power if it is retained and actionable through strong communication strategies. 

#6 Manage Employee Data Controls and Access

During the onboarding process, HR is the first point of contact for new hires. It’s HR’s responsibility to define the role the new hire will fill and, therefore, which permissions they need access to. To mitigate some risks, HR professionals can communicate with their IT departments to limit new employees’ access to certain programs, documents, and cloud-based services. Leaders can make specific determinations with each employee by focusing on their role and the information necessary for their job. So—if all else fails—they can’t accidentally give away information to resources they can’t access. 

Strengthening the partnership between HR, internal communications, and IT teams for a more secure workplace will benefit everyone. While you might think IT is more equipped to handle cyber risk management, comms, and HR are the voice of the company for employees—and your teams will look to you first. 

Most of all, it’s crucial to remember that cybersecurity is not just an IT issue. It’s a company-wide concern that must be addressed accordingly. If IT, HR, and internal comms aren’t talking about cybersecurity and coordinating efforts, that’s a clear indication of a large problem within an organization. Each department must play a role in the prevention of cybersecurity, whether that’s ensuring employee training is carried out, or putting together a crisis communications plan in case a breach does occur. The goal should be to create an environment where people understand the importance of data security, know what to do if they identify a security concern, and can implement cybersecurity best practices in their daily work.

Discover the full potential of your Hrtech strategy with our comprehensive Hrtech News and Hrtech Interviews.


Samantha Buftons

President & Chief Operating Officer, Poppulo

Samantha Bufton is the President and Chief Operating Officer of Poppulo, the leading communications and workplace experience software company. Sam is a highly-accomplished business, product, and innovation leader adept at growing global business lines via sophisticated B2C/B2B, product, and technology strategies. Over 20 years of success driving transformational growth for organizations of all sizes.


Please enter your comment!
Please enter your name here