In an era where cybersecurity regularly makes the headlines and data is increasingly valuable, it’s often IT professionals who take the spotlight. While tech pros are certainly critical to information security safeguards, they aren’t alone. Your HR department can and should play an important role in protecting the sensitive data your business houses. Their involvement can make all the difference in limiting your overall business risk.
When looking at HR’s relationship with information, it’s necessary to first understand the different types of data being collected. This can include anything from employee and candidate social security numbers on applications, criminal background checks, bank account numbers, insurance forms, and medical records, as well as other pieces of information unique to your business. At the same time, how long are these records being housed? If there isn’t a legal reason to keep a sensitive piece of information anymore, it’s often better to destroy it rather than allow it to sit on servers as a security risk.
Consider also how your HR data is housed. HR departments are increasingly going paperless. If yours is one of them, is all of your data housed in the cloud, on-premise, or in a hybrid model? What is the password protection like, and who has access to the data warehouse? Is information safely backed up elsewhere, or are employees using online storage services like Dropbox without the appropriate level of caution? IBM recently banned flash drives and other removable storage from their premises in an effort to avoid those devices being lost or stolen, and to inhibit them from introducing a virus from outside the company.
While not every company will take such drastic measures, it serves as an example that business leaders must consider every aspect of their data. You’ll also need to consider hard copies of sensitive information. Where are they stored and who has access to them? How are they backed up in case of a fire, flood, or other natural disaster? Ignoring even one detail surrounding data can introduce a dangerous amount of risk into any business.
The HR departments of larger organizations may be able to rely on a robust IT department to update software programs and operating systems and check them for vulnerabilities, but small and medium-sized businesses don’t often have that luxury. HR software, like employee portals, are an excellent time-saver, but they should only be introduced into a company if they can be properly maintained and updated. What happens when an employee logs into an employee portal from their home laptop, which had a virus they didn’t know about? Employers can sometimes be held liable for the identify theft of employees, and out-of-date programs are a top avenue for losing vital employee personal information.
Human Resources employees aren’t expected to be technology experts, but only 59% of HR employees are trained in cybersecurity practices as it relates to their role. Considering that 90% of cybersecurity risks are caused by human error, it’s imperative that HR employees are properly trained in how to take care of the sensitive data they work with. Train employees so they know how to spot vulnerable data or potential threats. Make sure they understand what phishing emails look like and that they don’t send a sensitive document to a non-company email address. In other words, HR employees must carefully follow the policies protecting your data, and regular training ensures that practice.
Employees with severe malicious intent are rare, but something to safeguard against nonetheless. Naturally, every business wants to recruit trustworthy employees, but in a hectic environment it can be easy to overlook an applicant’s red flag or checkered past. Your employees’ personal information is extremely valuable on the dark web, and people will go to great lengths to obtain it. HR holds the power to not just spot a candidate who may be prone to such behavior, but to also identify current employees who have become disengaged or disgruntled. After all, an employee conflict can leave a heated staff member deleting or damaging another’s sensitive information in a moment of regret.
Ultimately, an efficient and knowledgeable HR department minimizes business risk. Nowhere is this clearer than when it comes to information security within human resources. By looking at your organization’s data from a high level, updating software, implementing robust training, and reviewing employee hiring/engagement, you can limit future data loss and prevent cybersecurity breaches.