What does Cybersecurity have to do with your people?
What does the world of HR have to do with cybersecurity? Well, if you’ ve ever had a cybersecurity breach at your workplace, you might have heard of the potential ramifications of those caught up in it. If not, you’ ve almost certainly heard of the recent cyber attacks on M & S and the Coop. This month’ s article discusses the people impact behind cyber-attacks and asks what we can do to prevent and support each other in these situations. suggested, was to reward honesty and encourage people to admit when they’ ve made a mistake, so that lessons can be learned( as opposed to making them a scapegoat). If organisations adopt a culture of psychological safety where employees feel able to speak up without fear of repercussions, then they will more easily identify where the gaps are, e. g. in training, communications, shortcuts and workarounds.
At the recent CIPD Festival of Work event which took place last week at London Excel, one of the keynote speakers was Sarah Armstrong-Smith the Chief Security Advisor at Microsoft and she explained to the audience how security ultimately comes down to people and culture. She went on to describe how a blame culture helps no one and protects nothing. So whilst pointing fingers at staff when it comes to security issues is tempting, it’ s ultimately lazy thinking.
Cyber attackers are really sophisticated. Not just in a tech-savvy way, they’ re also experts in psychology. Their techniques focus on human behaviours, manipulating emotions such as trust, urgency, repetition and reciprocity. As Armstrong-Smith described it,“ I just need to pretend to be someone that you like. If you like that person, you ' re more likely to click.”
So how should leaders and organisations respond? One of the ways Microsoft’ s Security Chief
From an HR perspective, this means helping to amplify the culture beyond the policies and considering the daily behaviour we observe and experience. Supporting, as opposed to shaming people. Encouraging transparency as opposed to rewarding silence. And when it comes to culture, that means being honest about the unwritten rules and truly identifying the sort of behaviour that is tolerated; and when this doesn’ t come up to the mark, calling it out and ensuring boundaries and expectations are clear.
As Sarah Armstrong-Smith said herself,“ the most empowering thing doesn’ t require money. It’ s the ability to say no.” Your staff shouldn’ t be the weakest link, they should be the first line of defence – as long as you give them the trust, tools and culture to be that.
Ruth George- HR Consultant- ruth @ ruthgeorge. com | 07899 920075
© Ruth George HR Consulting. This is not legal advice and is provided for general information only.
18 < Boxmoor Direct < July 2025 <