In a bid to protect organisation and employee data, the Chartered Institute of Personnel Management of Nigeria has called on human resource professionals in the country to drive efforts in cybersecurity and regulatory compliance.
The body made this call during the 17th Special Human Resource Forum, tagged ‘The Role of HR in Cybersecurity and Compliance: Protecting Employee and Organisational Data’, held virtually recently.
The forum had leading expert in HR, cybersecurity, and regulators to chart-way in managing digital risks, emphasising the need for HR to safeguard organisations against data breaches and cyber threats.
While delivering his opening speech, the President and Chairman of the CIPM Governing Council, Mallam Ahmed Gobir, said HR’s roles remains critical in organisation following their access to employee date from onboarding to exit, adding that, the program was necessary to foster a culture of cyber resilence.
“When HR gets cybersmart, the whole organisation becomes cyber strong,” Gobir added.
Guest speaker Executive Coach and Director at Leadership House, Linda Rogers, stressed the importance of embedding cybersecurity knowledge within HR roles.
She advised HR professionals to manage the Joiners, Movers, Leavers lifecycle effectively, ensuring timely revocation of access and implementing measures to prevent phishing attacks.
Rogers also emphasised the ethical use of artificial intelligence, warning, “AI must be aligned with company data policies to prevent exposure and misuse.”
From a regulatory perspective, Dr Ayodele Bakare, representing the Director-General/CEO of the National Information Technology Development Agency, Kashifu Abdullahi, underscored the need for third-party risk assessments and compliance with the Nigeria Data Protection Act.
“When engaging a vendor, conduct third-party risk assessment compliance with government and industrial frameworks, ensuring that a partner does not introduce cybersecurity or data management risks,” Abdullahi stated.
He urged HR to prioritise education on data privacy laws and industry standards through robust training and regular audits to “domesticate NDPA”.
Similarly, acting Chief Technology Officer at Credit Direct Limited, Bashar Babatunde, proposed that “cybersecurity should be a standalone division,” with HR ensuring clear reporting lines to empower cyber functions with authority and visibility.
Vice President of Infrastructure Security at Cloudware Africa, Sandra Ukor, emphasised technical safeguards, stating, “There must be a right encryption mechanism that includes specified data classification.”
The forum called on organisations to appoint Data Protection Officers and position HR at the forefront of awareness, training, and audit initiatives.
