What Your HR People Should Know About IT Security
Human Resources (HR) was historically labeled the “soft function” within organizations. However, in today’s world, where protection of personally identifiable information is paramount, no other functional business area has so much daily work that needs to be protected at all costs. Consider the areas of focus for HR professionals: recruiting/staffing employees, compensation, benefits, labor relations, compliance, organizational structure, payroll, training and development, harassment issues and so on. However “perfect” an employer may be, none would want any of this information shared beyond the figurative four walls of its own organization. Below are security suggestions for HR professionals to lower the risk of a cybersecurity breach.
Stay on Top of All Legal/Compliance Requirements
Unfortunately, this is a complex task, as such guidelines are inconsistent and ever changing, varying across geographies, types of data, lines of business, etc. Make sure that a management-level employee takes ownership of this and knows what laws apply. Develop a regular schedule for reviewing and updating these standards: check key sites (such as industry associations) for updated standards, peruse industry newsletters, and attend seminars to stay current.
Collect and Use Only Necessary Personal Data
Gather only the personal HR data that business needs require. Consider using a unique proprietary sequence, instead of a social security number, in areas where identifying an employee is necessary in forms or records.
Safeguard Confidential Digital Data Everywhere
Put in place HR records retention policies specifying what kind of data can be stored where, for how long, and who may access it. Utilize software that can scan servers and files for sensitive data to identify information residing in inappropriate or insecure locations. Establish encryption policies for all HR-related material.
Do Not Forget About Paper Files
The best approach to digital security can greatly reduce risks, but paper still abounds in an HR department. The same records retention policies described above should apply to paper documents. Every HR staff member should adhere to a “clean desk” policy: nothing should be visible to any wandering eye if a desk is unattended. Shred documents on a regular basis. Keep all staff trained on such policies and enforce compliance.
Share Only on a Need-to-Know Basis
The truth is that HR data needs to be shared within the department as well as with the other units of the business. That happens every day, and every exchange is an opportunity for a data leak. Put in place simple security solutions, such as configuring PC workstations to log out after a very short time of inactivity.
A Few Additional Security Concerns to Address
- Watch out for chatbots that are used for malicious purposes to gather confidential data.
- Be wary of spear phishing emails; when in doubt, ask the “sender” directly about anything requested in an email.
- Also, consider Mobile Device Management systems to secure phones and laptops, and keep anti-virus and patching up to date on all hardware company-wide.
Stay tuned next month as we shine a light on your receptionist and share what he/she needs to know to keep your data safe and secure.
As always, the IT Radix team is here to assist in adding layers of security to protect you and your business. Contact us today!
First published in our October 2021 IT Radix Resource newsletter