In recent years, the workplace has undergone significant disruption, particularly with the shift to hybrid work models. This transition, even for small and midsize businesses, has introduced a range of challenges, from complex cloud configurations to intricate device management. For smaller enterprises, many of which may not have a dedicated IT team or the robust technology infrastructure that larger enterprises enjoy, these challenges can feel even more daunting. Increasingly, HR professionals in midsize organizations are wearing a new hat as IT decision makers, stepping in to manage and navigate these complexities.
As HR’s responsibilities expand, its involvement in addressing the impact of human behavior on cybersecurity is becoming crucial. Particularly with the rise of Employer-Provided Device (EPD) programs, HR teams in midsize organizations are tasked with ensuring that employees not only understand the risks but are also equipped to mitigate them, all while balancing the operational needs of a small business.
Managing Devices in a Hybrid World
Managing a hybrid workforce is especially complex for SMBs. Employees frequently move between personal and employer-provided devices, connecting to a mix of secure and public networks. This dynamic can expose businesses—especially smaller ones without advanced security measures—to greater risks.
For example, an employee in a small business might connect their device to an unsecured public Wi-Fi network at a coffee shop. If that device is compromised, the malware could follow them when they reconnect to the company’s network, creating a potential breach. This threat is heightened for small businesses that may lack comprehensive device management tools to detect and prevent such issues.
Additionally, hybrid work environments open the door for social engineering attacks, where threat actors exploit human vulnerabilities. According to this year’s Data Breach Investigations Report (DBIR), more than two-thirds (68%) of breaches involve the human element. With employees moving between devices and networks, particularly in businesses with limited IT oversight, attackers can find more opportunities to exploit vulnerabilities.
Training Goes a Long Way
For small businesses, cybersecurity training is not just a luxury—it’s a necessity. Since most breaches involve the human element, proper training can significantly reduce the risk. HR departments, which often oversee training and compliance, are vital in ensuring that employees are aware of cybersecurity best practices. This is especially important for small businesses that may lack dedicated cybersecurity teams.
While it’s true that IT experts understand the intricacies of cybersecurity, HR plays a key role in making sure employees are trained to avoid common pitfalls. Even for businesses without the budget for advanced technology, basic cybersecurity training—such as spotting phishing attempts or understanding the risks of unsecured networks—can go a long way. Educating employees on these simple but critical aspects of security can greatly reduce preventable mistakes.
Though training can’t completely eliminate the risk of social engineering, it can dramatically reduce its likelihood. Employees trained to recognize common tactics like phishing, vishing, or business email compromise (BEC) are less likely to fall victim, which is a game changer for smaller businesses.
The Case for EPD
Many small businesses use BYOD (Bring Your Own Device) policies out of convenience, but these can significantly increase cyber risks. A whitepaper by Verizon and Oxford Economics shows that over a third (36%) of executives acknowledge that BYOD policies offer limited control over personal devices, and small businesses are no exception.
Employer-Provided Devices (EPD), on the other hand, can offer better control and security. The same study found that 83% of executives see EPD programs as superior for managing security on mobile devices connected to company systems. However, fewer than a quarter (22%) of organizations provide company devices to most employees, and many small businesses stick to BYOD because it seems easier or more cost-effective.
For small businesses, transitioning from BYOD to EPD can actually be simpler than it seems. Unlike large enterprises that might face complex logistical challenges, small businesses can often make this transition more smoothly. Beyond security, EPD can also serve as a perk that helps attract and retain talent—a critical concern for small businesses competing for top employees. HR plays a pivotal role in both the operational aspects and the employee satisfaction benefits of such a transition.
The Growing Versatility of HR
As small businesses increasingly adopt new technology, the role of HR continues to evolve. While HR has always been focused on personnel management, it now has a growing role in cybersecurity and technology management. For smaller organizations without large IT departments, HR often serves as the bridge between employees and the technology they use, helping to mitigate risks and ensure that best practices are followed.
The rising impact of human behavior on data breaches, combined with the adoption of hybrid work models and EPD programs, highlights the growing responsibilities HR holds in small businesses. Whether ensuring compliance, providing cybersecurity training, or managing device policies, HR professionals are key players in shaping the future workplace—especially in environments where resources are more limited. HR’s expanding role offers an opportunity for small businesses to improve security, optimize operations, and enhance employee satisfaction.
John Constantino is the Vice President at Verizon Business.