Search
Close this search box.

The Enemy Within

There isn’t a day goes by now when we don’t hear about the implications for people of data loss

One of the greatest challenges for Jacqui Summons – Group HRD of Clearswift has been to understand the real challenge of Cyber Security and how HR has a part to play in meeting this challenge. Here Kim MacNamara – HR Recruitment Director of Ashley Kate HR questions her experiences further.  

Tell me about you and your role/firm?

I am currently working as the Group HR Director for Clearswift. This follows a 30 year career in HR starting as a graduate trainee with the London Electricity Board (now EDF Energy) and then incorporating roles in GSK, Standard Chartered Bank and Accenture. In more recent years, my career has become more of a portfolio career, mixing some permanent roles, generally in small Private Equity backed businesses with interim HR roles and coaching contracts. I have very much left behind the large multi-national corporate world but feel that it provided the very best grounding possible for recent roles, which are often highly demanding, requiring thinking on one’s feet without too much resource to play with!

What key HR initiatives are you working on?

Much of my role is typical of any growing small business. I have the daily challenge of ensuring that we start to build the processes and practices which a big, small company needs without hampering the innovation which sets us apart as a nimble, smaller business within our field. This is a fine balancing act in our ever increasing world of regulations.

One of the major challenges for me is recruiting people with the expertise we require to build the best products in the field of cyber security (Clearswift provides products that protect critical information), People in this area are hard to find and sometimes will opt to work for a big brand, not a growing business. More work is needed to “sell” the business to potential employees. This is where an innovative environment is critical and we have now introduced ‘ChooseDays’ for R&D where they can ‘choose’ to work on something that interests them. We have a wonderful culture at Clearswift and often people see that they will have an excellent time here and this helps to overcome this issue.

What are the challenges?

One of the greatest challenges for me joining Clearswift has been to understand the real challenge of Cyber Security and how HR has a part to play in meeting this challenge. Before joining Clearswift I was as guilty as any HR leader thinking that cyber security was something that IT functions took care of and was mostly about password control and malware protection. I have come to realise that the threat facing many SMEs is around protecting information and the danger of employees (or contractors) deliberately or accidentally taking critical data. This threat from inside, “The Enemy Within” turns out to be much greater than the major hacking events reported in the press, which while very important just don’t happen as often as someone sending information to someone that they shouldn’t have – even if it was accidental.

How have you overcome them?

Now I have got my head around this, my challenge internally is to ensure that we have processes and policies which are supported by the products we deploy. I now feel a strong need to “spread the word” amongst other HR professionals (or as the American’s would say, I have drunk the Cool Aid and am now a convert!). When critical data is lost accidentally or deliberately the fault may lie with IT systems, but the mopping up after the event is likely to fall clearly in the lap of the HRD! Data Loss is something that affects the company, especially if your organization ends up on the front page of the paper, but it also effects people across the organization. Having a plan in place to deal with such incidents, whether malicious or inadvertent is critical. This plan has to be communicated out – before the incident, not after. It’s a little like the fire alarm drill which is a critical for the safety of personnel, but is also part of business continuity. Today, information is the lifeblood of an organization, no matter how big or small, and they need to be prepared to deal with incidents – should they occur.

Why is it important that firms focus on your topic?

There isn’t a day goes by now when we don’t hear about the implications for people of data loss. We all put so much data into the hands of others that we trust and when it turns up in a way that we don’t intend or expect, the ramifications can be terrible. It’s not just credit card or bank details, but also Intellectual Property (IP) and for us, our IP is our future, so needs to be protected (along with customer details and HR information.) From a HR perspective, the ripples of these events are considerable and I feel that companies, regardless of their size need to ensure the right information only goes to the right person – both inside and outside the organization. When you think about documents today, along with the obvious information you can see, it is often hidden information that can cause the problems, all those comments and tracked changes for revisions which should never end up in the wrong hands. Furthermore, there are now so many ways to communicate, corporate email is the obvious one, but people also look to use personal web based email, social media, cloud collaboration sites and even just copying files onto a USB stick. With the advent of BYOD (Bring Your Own Device) it is not just technology that is required, but also policy and communication of the policy which also has to change. All too often, there is a fallacy that “it won’t happen to me!”, when actually the HRD can help by being proactive and asking questions on how well protected you are with all these changes – and then making a real difference to protecting the organization. Graduates are always interesting to talk to, as they are the ones who push the boundary on devices and applications they use to communicate and collaborate and then ensuring that the policies support both the business and them in the way they want to do business.

What have you learnt from your role?

A lot! I am still not an expert in technology but I think I now have an understanding of some of the risks that face all businesses in the area of critical information protection. I now know that I can’t take it for granted as success in this area requires cross business collaboration. There is a real need to work hard to ensure that products and systems are in place in any business to safeguard the key business asset – information. I know that my role as a HR Director is not to assume that this is in place, but to take it upon myself to make sure that it is. I also know that the world is changing rapidly, this isn’t “set and forget”, it needs to be regularly reviewed. Take the Sony breach last year, it was the content of email with some irresponsible comments in which ended up doing the most damage to their business. I’m sure that Sony has revised its policy on acceptable usage of email!

Advice I can give: – I would add this bit as advice to readers to get something from it

–  Review your HR policies in relation to all aspect of data and its security (when you sit down with all your managers you will be enlightened to all the different types of data in your organisation which you didn’t know existed).

–  Incorporate clear and unambiguous terms into your contracts of employment.

–  Communicate fully and ensure everyone is clear about their roles and  responsibilities.

Future plans?

One of the joys of working in a hi-tech company who are on the bleeding edge of information security is that there is never a dull moment. It is unusual for an HRD to be consulted on product design, but because information security also affects people that is often the case, and it is also true when it comes to our Professional Service offerings. Working at Clearswift has given me a different set of understandings that I hadn’t really thought about before. I like to learn and then to apply it – that is what I look for in my everyday life.

Clearswift provides products that protect critical information, located at the heart of our connected world where 100% visibility of critical information is essential. As organizations struggle with widely varying legal, regulatory, cultural and social expectations Clearswift has the expertise and the automated security tools to protect personal and Intellectual Property data, whilst simultaneously enabling our customers to take advantage of the potential growth opportunities that this new connected and mobile world can offer.

Read more

Latest News

Read More

AI’s Impact on the Workplace: A Survey of American Managers

27 March 2024

Newsletter

Receive the latest HR news and strategic content

Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

Latest HR Jobs

University of Cambridge – Judge Business SchoolSalary: £32,332 to £38,205 pa, pro rata

University of Cambridge – Judge Business SchoolSalary: £29,605 to £33,966 pa, pro rata

University of Oxford – Blavatnik School of GovernmentSalary: Grade 5: £28,759 – £33,966 per annum (with a discretionary range to £37,099)

Software Development Director (Exec Team Seat). Remote Working with Ellesmere Port Office-Based Minimum 1 Day Per Week. + Contribution towards membership fees. £120,000 – £140,000

Read the latest digital issue of theHRDIRECTOR for FREE

Read the latest digital issue of theHRDIRECTOR for FREE