Human Resources Cyber Planning

In nearly any sized organization, Human Resources (HR) is responsible for onboarding and offboarding employees. This task is highly integrated with Information Technology (IT) teams nowadays, requiring user account creations or removals. This task is cumbersome as most organizations don’t just use one platform, but instead have quite a few in use for email, computer login, CRM, and other applications. KnowBe4 states that an average employee in the United States (U.S.) has to manage between 20 to 30 passwords. That’s a lot and even with a password manager, users may still struggle to keep track. Now imagine the task for IT to keep track of those 20 to 30 accounts for every employee, nearly impossible. Proper timing and communication for the onboarding and offboarding of users is a critical component to organizational success and it starts with Human Resources Cyber Planning.

Now, back to the discussion at hand; IT needs to be sure that all 20 to 30 accounts are setup or removed when onboarding or offboarding a user. Furthermore, HR must communicate user changes to IT in a timely manner, especially when offboarding. However, onboarding needs to be communicated as soon as possible as well. Generally, offboarding gets all the attention and while it is critical that all accounts for an offboarding are shutdown swiftly and accurately, onboarding presents companies with loss too. Findings online show complaints on StackExchange where users have been at work for 3 weeks without access. Other complaints on Reddit show users have been waiting for access and computers for months. This downtime not only costs the company monetary loss in wages, but employees get frustrated and some debate leaving the job. Planning and coordination between HR and IT can help solve many of these job complaints, mitigate loss, and protect the organization.

If you happen to work in HR or IT, there are a few things that can be done to help solve these common organizational problems.

  • Talk to HR and IT leads/managers, getting their buy-in and quantifying the loss or risk of not taking action can be a great proponent for approvals.
  • Create onboarding and offboarding plans, call them Human Resources Cyber Planning, IT onboarding and offboarding checklists, or something else fitting, but make it easy to follow.
  • Identify all areas where user account creation or removal is needed.
  • Determine a target goal for how long onboardings and offboardings should take and communicate that with the team(s) involved.
  • Revisit periodically to make sure old applications are removed and new applications are added to the organization’s checklist/plan.

Looking for more cybersecurity guidance? Learn more from other One Page Awareness Sheets.