Security Market Segment LS
Friday, 11 October 2019 01:25

Fast-growing companies face cyber security challenges, vulnerabilities Featured


Fast-growing companies face security challenges in overwhelmed HR departments, with a myriad of challenges that didn’t affect them as much when they were smaller – creating pressure which can potentially open up cyber security vulnerabilities while staff are distracted by the various administrative and compliance tasks associated with onboarding and offboarding employees.

To help combat this, fast-growing companies need to be aware of the risk and need to take appropriate measures to address the resulting security vulnerabilities, according to global cybersecurity company Palo Alto Networks.

Steve Manley, regional vice-president, Australia and New Zealand, Palo Alto Networks, said, “Overwhelmed HR departments may not think that cybersecurity is within their remit but, in today’s high-threat environment, keeping the organisation safe is absolutely part of their responsibility”.

“There are various ways HR departments can do this and it all starts with awareness. If HR departments take a blinkered approach that assumes the IT team will take care of security, then the risk of suffering a major breach will increase exponentially. Putting adequate security in place doesn’t have to be onerous; it just takes attention.”

Palo Alto Networks has identified five areas in which it says the HR department needs to act to address potential security threats:

1. HR apps

As companies grow, they need to migrate their HR apps to more robust systems. This opens windows of opportunity for cybercriminals to attack and for confidential employee information to be compromised. It’s therefore essential to build security policies into these migrations and to choose apps that have a proven approach to security.

This can be even more important as HR teams adopt mobile apps that let employees access HR functionality through their smart devices, as this can create a weak link if the device is compromised. The organisation should, at a minimum, require that smart devices with access to HR apps have two factor authentication.

2. Identity and access management (IAM)

As the workforce grows and more employees require remote access to systems, it becomes essential to upgrade IAM control measures to support a larger, more fluid employee base. Responsibility for this should be shared among the HR team, IT, and line of business managers.

Clear communication is required to ensure employees have access only to what they absolutely require to do their jobs, and that access is revoked the moment an employee leaves the organisation.

In a fast-growing company with many employees coming and going, it’s not uncommon for access rights to still be in place long after an employee has left, which opens up significant breach opportunities.

3. Employee onboarding and offboarding

The workload around employee onboarding and offboarding can be complex and burdensome. As well as managing forms and confidential information such as payroll details, HR departments need to ensure that employees have the right tools to do their jobs and access to the right systems.

It’s essential to ensure that employees are provisioned correctly at the start and that they hand back all devices and access when they leave. Managing this process gets more complex as the company grows, as there are more apps and business systems that employees need to access.

An automated approach, such as triggered alerts that are sent to the IT team, can potentially help address this issue and close the security loopholes that occur when the HR team forgets to retrieve devices and change passwords.

4. IT asset access and tracking

Related to IAM and onboarding/offboarding, tracking and managing IT assets is increasingly complex as the company grows. IT can sometimes lose visibility of who is in the organisation and has access to what systems and devices unless the HR team stays on top of this.

Furthermore, while some employees may work part-time and bring their own devices, others may work full-time and have devices provided for them. Ensuring all devices are properly managed and secured is essential to protect company data, so new systems and processes need to be considered to secure important information.

5. IT security training

According to the latest notifiable data breaches report from the Office of the Australian Information Commissioner, 34 percent of cyberattacks happen because of human error, which can include ignorance or laziness.

The most secure organisation is one in which there is a culture of security, and the HR department plays a significant role in setting and reinforcing this culture. IT security training and education must be stepped up to ensure internal behaviour matches the increased risk profile of the organisation. Training must be ongoing and it must resonate with all staff members, and be reinforced through simple measures like gamification.

“Every organisation, regardless of size, is a potential victim of cybercrime. Fast-growing companies can face additional risks because the frenetic pace of growth and expansion can often mean basic security measures get lost amidst the need to move fast and be agile,” Manley said.

“The HR department must be aware of its responsibilities and work with the IT department and line of business managers to help keep the organisation secure during the vulnerable growth phase.”


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments