HR holds an enormous amount of personal information about employees, including personal demographic information, employment history, salary information, emergency contact details and employment eligibility documentation, e.g. copies of passports. In certain circumstances there might also be health records. Whilst this information is important in itself, simply holding it carries significant risks, and holding it in digital format actually makes it easier to steal in many ways. Employee data is very attractive to hackers, as it allows them to set up fake profiles to take out fraudulent loans and also endangers the actual employee and their bank accounts. Therefore, it is important to use a new HR platform that encrypts all data both in transit and at rest. It is a simple way to ensure that the data held isn’t easily exploited.
How can HR contribute to protecting personal data?
Many aspects of data security fall to the IT department, such as technical protection of the company network infrastructure. But managing cyber risk is now an ongoing part of every employee’s day-to-day experience. HR’s job is to onboard and train everyone within the organisation. This task is now so important that it shouldn’t just occur in the first week as part of induction, but should be ongoing, with regular updates. One obvious first place to update everyone is on the use of secure passwords. Using a strong password is very important, and no one should be using the same password for multiple accounts or platforms.
Why is the ‘insider threat’ so important now?
While we have layers of defence to stop unauthorised people from gaining access to systems that hold personal information, those inside the organisation already have access and can misuse it. Training, monitoring and the threat of disciplinary procedures should stop this while someone is an employee. However, many organisations don’t have strong exit procedures and, when an employee leaves an organisation, they are often still able to access sensitive information and platforms.
What are the top four HR data security threats?
1. Legal Risks
A great deal of sensitive personal information is held by HR (hopefully in a secure platform). But once data has been mislaid, your business may face legal action from either the employee involved or the relevant authorities. HR should have a strong understanding of GDPR and of the possible large fines for their organisations.
2. Bring Your Own Device
With employees now working across multiple devices and platforms, a ‘bring your own device’ policy is crucial for the vast majority of businesses. This enables them to control access and security protocols for any device attached to a workplace network. This danger is compounded by working from home during lockdown, where the normal security protocols for accessing networks are stretched and compromised by running over the public internet.
3. Mobile applications
In tandem with BYOD policies, most businesses are now aware of the problem of shadow IT, which is the use of many unauthorised apps. Employees use platforms that are not approved by the company, and some even share company and personally sensitive information over them, because these apps are very easy to adopt.
4. Lack of awareness
The biggest risk to most businesses revolves around human error, and the greatest danger is related to a lack of education on the part of employees. It is important to train employees regularly not to click on links that they aren’t totally confident in.