
5 ways HR leaders can help organizations mitigate insider risk

By Kathy Walen

October 25, 2023

These days, human resource department leaders must wear many different hats. From talent acquisition strategist to culture ambassador, from conflict resolver to benefits guru, from legal compliance watchdog to diversity and inclusion advocate, the breadth and depth of their responsibilities touch every box in the company org chart.

Given the expansive and cross-functional role of HR within the organization, it should come as little surprise that security leaders are eager to tap the collective expertise of HR teams as they attempt to combat what is perhaps the most challenging and insidious threat that the enterprise faces today: insider risk.

Quantifying the human element of risk 

The term "insider risk" represents a wide spectrum of behaviors. Whether it’s a scorned employee who intentionally leaks sensitive company information, a negligent worker who inadvertently exposes critical data, or a well-meaning staff member who falls prey to sophisticated phishing attacks, every potential insider risk incident shares one common attribute: the human element. 

From an HR perspective, people are the engine that fuels innovation in the modern enterprise. HR teams view people as our greatest asset. For security teams, however, humans are often regarded as the "weakest link" in the security chain, as they can be duped by clever social engineering tactics. In other words, it doesn’t matter how good or strong your security systems might be if the individuals entrusted with safeguarding an organization’s most valuable assets can themselves be easily compromised.

Unfortunately, most organizations don’t fully appreciate the cost of an Insider Risk incident until they’ve experienced it firsthand. According to the 2023 Data Exposure Report, the average cost of an Insider Risk event is estimated at a staggering $16 million per incident. More worrying still, over three quarters (76%) of CISOs expect data loss from insider events to increase at their company in the next 12 months.

Further complicating the insider risk calculus is the nature of the modern mobile workplace itself. Employees have grown accustomed to using a mix of personal and corporate-owned devices. They connect from their home, the office and everywhere in between. They also rely on an ever-increasing assortment of web-based services and platforms to collaborate and stay productive. 

Of course, this convenience and flexibility comes with a price – the easier it is to connect, the greater the chance that an employee can either intentionally or accidentally become a future security liability.

5 ways HR can help mitigate insider risk

Because insider risk is fundamentally rooted in the behaviors, motivations and actions of an organization’s employees, it requires a human-focused approach. HR leaders should consider the following five strategies as they look to reduce their insider risk exposure:

  1. Lead with empathy: Humans are not machines. We often make emotional decisions, and sometimes, we make honest mistakes. Leading with empathy means creating an environment where employees are not automatically blamed when a policy is breached. Take a common scenario, in which a busy employee shares a document to an unsanctioned cloud service. Rather than punishing them, an empathetic approach might instead trigger an alert and share educational materials that remind users about proper data-sharing protocols. Employees who are equipped with the necessary knowledge to understand risks are then given an opportunity to correct their behavior without fear. This allows for an organizational culture that is supportive and understanding, facilitating improved compliance and fostering mutual respect and cooperation between employees, security, and leadership.
  2. Assess, improve, repeat: Minimizing the possibility of Insider Risk requires that we are able to not only identify potential vulnerabilities in our internal processes but also to continuously improve the feedback loop so employees can incorporate these learnings into their day-to-day work routine. This process should begin on day one with an employee’s onboarding, where the importance of security is made abundantly clear. Initial onboarding sessions should focus on clarifying the different levels of data classification, distinguishing between personal and company property as well as between public, restricted, and confidential information. By ensuring that employees are educated early and consistently over time, they will be able to make better decisions regarding what information the company considers proprietary. 
  3. Transparency builds trust: Generally speaking, employees don’t want to feel like they’re being constantly monitored. They value autonomy, independence and self-direction. It’s essential to be fully transparent about organizational data policies not just for compliance but also to foster a sense of trust and mutual respect between an organization and its employees. It also helps in addressing concerns employees might have regarding how their data is being handled, used, or monitored. Moreover, when organizations are open about their intentions and actions, it empowers employees to voice their concerns, ask questions, and suggest improvements. When workers understand why certain policies are in place and how they serve to protect both their own and the organization’s interests, they will be far more likely to adhere to these policies.
  4. Identify early indicators: Mature security teams have learned that recognizing the early indicators of a network compromise can dramatically accelerate the time frame of response — which directly correlates to monetary impact. While internal threats can be more challenging to root out, there are often subtle but telling behavioral indicators that can signal a potential internal security risk. These may include sudden and unexplained changes in work habits, unusually frequent access to sensitive or confidential information, or attempts to bypass security protocols. By closely monitoring these behavioral signals, organizations can gain valuable insights into potential internal threats, allowing for timely intervention. HR can be a partner with security teams to help address these early indicators and raise them up to an employee’s manager.
  5. Connect to protect: Because HR plays a foundational role across every phase of an employee’s work lifecycle — from screening and hiring, promotions and reassignments, through their post-employment departure — they are integral in establishing and maintaining a secure organizational environment. Sitting at the nexus of employee development and training, HR leaders must work closely with their security counterparts to ensure that all employees are properly trained on existing security protocols and know about the latest threats. This partnership is especially critical when an employee or contractor leaves an organization, as HR and security will need to be well coordinated to ensure that access to internal systems is promptly revoked, and that departing individuals aren’t taking any proprietary intellectual property with them.

Given the velocity and dynamic nature of today’s digital enterprise, there’s no doubt that the threat of insider risk will only proliferate in the coming years. The HR leaders who are able to appreciate these risks and work effectively with their security teams will not only help safeguard their own organization and maintain its competitiveness, but will also help maintain their own seat at the executive table.

KEYWORDS: employee risk Human Resources human resources security insider risk phishing


Kathy Walen is the VP of People at Code42.
