Discovery’s Sats Oosthuizen says that HR in particular needs to be conscious of safeguarding employee data.
Cybersecurity is not something that belongs only to the CIO or IT department. CIOs need to work with other departments, such as HR and finance, to ensure that the entire organisation develops a culture of cybersecurity.
This is the view of Sats Oosthuizen, the deputy CIO of Group Shared Systems at Discovery.
“Without a culture of cybersecurity, your organisation is already at a disadvantage. It's just like ethics. If your organisation does not have a strong culture on honesty and ethical behaviour you are likely to get people committing fraud,” he says.
He further points out that departments like HR have to be made aware of how careful they have to be, considering their systems contain sensitive data. “Therefore, HR leaders should collaborate more by including IT from the beginning of any roll-out, the moment they get these new applications.”
This is even more relevant now that POPIA has been enacted, requiring proper care to be taken of personal data – whether it belongs to customers or to your own staff.
Sats also expresses his concern that all the software that gets used in various departments is not necessarily above board.
“Add that to the fact that HR operates in a market where there is a proliferation of shadow IT in the sense that our HR colleagues use a variety of apps without going through any kind of security vetting, and that is extremely dangerous.”
He acknowledges that IT departments can sometimes come across as holding up progress and innovation, but says that there is a responsibility for both departments to be more vigilant. “Any application that is driven by HR will have sensitive data in it and, because of that, we have to take more precautions.”