Can HR lead the way in business data security?

news article

Jun 6 2019

“What does HR have to do with data security?”

It’s a common question amongst business leaders and HR professionals alike, and despite a rising public awareness of the importance of both personal and professional data security, many still struggle to understand the impact that HR teams can have on technical compliance within the workplace.

A Personnel Today study reported that nearly half (47 percent) of HR departments do not know when their cyber security was last reviewed, and that only 22 percent have reviewed the people aspects of their organisation’s technology setup within the last year. Despite this, the organisations surveyed stated that the ‘people factor’ constituted the biggest risk to their overall security, yet only one in five (21 percent) were actually working on improving and educating employee technology skills.

Working in an environment where internet access is freely available can also cause frequent security problems. A OneLogin study recently explored the freedom that unrestricted internet access can bring, and revealed that as many as 76 percent of UK companies currently allow a high proportion of their employees free rein when it comes to online browsing. This can often leave businesses and their critical corporate data unwittingly exposed to cyber crime.

The thought of confidential documents and employee personal details falling into the wrong hands is a harrowing one, and unfortunately, many businesses do not have the right security protocols in place in order to provide a higher level of protection. The same OneLogin survey also revealed that 67 percent of companies have not invested in single sign-on (SSO) solutions, and a further 54 percent have not set up a domain name filtering system.

Whilst these could be considered to be technical considerations for IT security teams, it cannot be denied that HR teams can still play an important supporting role in ensuring sound data security processes and procedures within their business.

HR can really make a tangible difference to compliance and data security levels within their business by creating open, two-way communication channels with other key stakeholders such as IT. This can help to proactively identify and manage risks before the worst can occur.

Why is data security key for HR?

Data protection is now inevitably enshrined in law, and, since the introduction of GDPR, serious breaches can very easily lead to legal action, fines or even criminal procedures from the relevant authorities. Living in a modern, digital world now means that the way we do things has changed irrevocably, as every team or department in the workplace is touched by technology in one way or another. Data leaks can wreak havoc on a company’s reputation and its future success, and even a minor data breach involving customer data can cause irrevocable damage.

Most leaks occur through poor data security management, outdated technology applications, poor quality security patches, and employee misadventure. A recent report found that 63 percent of confirmed data breaches occurred because of the use of weak, default or stolen passwords.

With HR now increasingly acting as a gateway between IT teams and the wider employee community, and acting as gatekeepers for the vast majority of company personal and professional data, their involvement in upholding and promoting strict security processes and procedures is non-negotiable.

What data do HR teams commonly hold?

Modern HR departments can hold a huge amount of information about all areas of their business, including performance and salary data, employment history records, emergency contact details, employment eligibility documentation (such as driving licenses and passport data), and even details of medical conditions and health records.

This information is hugely beneficial, as it aids businesses in measuring performance, identifying skill gaps and recruiting new talent – but simply holding such data can lead to inherent risks. Employee data can be particularly compelling for data thieves, and simply balancing data security with the need for access and analysis is harder than it sounds. For example, even routine business procedures can include passing sensitive information in unprotected spreadsheets, something which has led to a quarter of businesses experiencing a data breach.

Why are HR teams responsible?

Many people consider IT and data security issues to be a subject more appropriate for IT teams, but the modern reality is that HR are just as responsible for safeguarding and security as their technical counterparts. Data security is now an ongoing part of any employee experience, so the responsibility of management will naturally fall to the department tasked with onboarding, employee training, and company culture.

With HR responsible for implementing data protection policies and procedures, educating the workforce and providing awareness training, they are a natural fit for promoting employee awareness and compliance around data security. Educating employees about basic threats such as phishing scams and password protocol may seem like common sense, but it is surprising how many businesses neglect these obvious areas. Risk assessments can act as a great way to find out if additional employee training is required, and working closely with IT departments to identify potential risks is a key task for HR teams.

What are the top four HR data security threats?

  1. Bring Your Own Device (BYOD) – With employees now working across multiple devices and platforms, the need for a ‘bring your own device’ policy is crucial for the vast majority of businesses, enabling them to control access and security protocol for any device attached to a workplace network.
  2. Mobile applications – In tandem with BYOD policies, most businesses are now aware of the problem of multiple unauthorised apps, with some taking steps to ban WhatsApp, Snapchat and Instagram access on employee devices during working hours.
  3. Risk of legal exposure – A risk beyond simple data loss or theft is the fact that once data has been mislaid, your business may face legal action from either the employee involved, or else the relevant authorities.
  4. Lack of awareness – The biggest risk to most businesses revolves around human error, and the greatest danger is related to a lack of education on the part of employees.

How are common pain points dealt with?

The rise of technology has inevitably led to common pain points for HR teams and the wider employee community alike. One of the most common is the proliferation of employee data, which can often exist in multiple systems and numerous variations, and can often be difficult to correctly analyse. With many employees now geographically scattered, the fragmentation of data is only likely to increase, with some businesses stating that they aren’t even sure what data they have, let alone where it is all stored.

An over-reliance on spreadsheets can also be a common HR pain point, with as much as 25 percent of data stolen or lost internally being in the form of Microsoft Office documents. Spreadsheets are a poor method for conducting sensitive business processes; the main problems arise from human error skewing data, unprotected spreadsheets being mailed to the wrong recipient, and a general lack of control over security and safety features.

The top four ways to mitigate HR data security risks: 

  1. Perform a solid risk assessment – This should show you where your weaknesses are, and which assets are the most valuable to you. This should act as a solid step towards ensuring better cyber security. This can then allow you to provide tailored cyber security training to employees of all levels and knowledge bases.
  2. Provide robust data security training – Educate employees about the importance of data security, and teach them how they can help your business to stay compliant with legislation through their own, individual role and its resulting responsibilities.
  3. Strictly enforce relevant policies – During your initial onboarding process, emphasise the disciplinary actions that employees who fail to comply with company and legal data policies could face. These should include employment termination, and fines where necessary.
  4. Ensure that employee ‘offboarding’ is satisfactory – Ensure that you have robust policies in place to deal with departing employees, as this can help greatly in minimising the risk of data leakage or theft.

Peter Cheese, CEO of the CIPD, has commented on many areas of cyber security and education within the workplace. He says: “Risk is fundamentally down to how people make decisions and judgements, and, whilst most people won’t do this with malicious intent, businesses can still be left exposed.

“More secure technology is part of the solution, but organisations need to think much more broadly and consider how they are equipping their employees with the knowledge and understanding they need to help to protect their organisation and its data.”

He also said that HR teams would be wise to look at the cultures and systems in place that can lead people to make mistakes that expose organisations to risks, whether that be through a long hours culture, lack of technological tools, or simply poor organisational education.

