What Your HR Team Should Know About IT Security
Human Resources (HR) historically was labeled the “soft function” within organizations. However, in today’s world where protection of personally identifiable information is paramount, there is no greater functional business area where so much of the daily work needs to be protected at all costs. Consider the areas of focus for HR professionals: recruiting/staffing employees, compensation, benefits, labor relations, compliance, organizational structure, payroll, training and development, harassment issues, and so on. Information on any of these topics should never be shared outside of any business organization. Below are security suggestions for HR professionals to lower the risk of a cybersecurity breach.
Stay on Top of All Legal/Compliance Requirements
Collect and Use Only Necessary Personal Data
Safeguard Confidential Digital Data Everywhere
Put in place HR records retention policies specifying what kind of data can be stored where, for how long, and accessible by whom. Utilize software that can scan servers and files for sensitive data to identify information residing in inappropriate or unsecure locations. Establish encryption policies for all HR-related material.
Do Not Forget About Paper Files
Share Only on a Need-to-Know Basis
A Few Additional Security Concerns to Address
- Watch out for chatbots that are used for malicious purposes to gather confidential data.
- Be wary of spear phishing emails; when in doubt, ask the “sender” directly about anything requested in an email.
- Also, consider mobile device management (MDM) systems to secure phones and laptops and keep antivirus and patching up to date on all hardware company-wide.