What Your HR Team Should Know About IT Security

Human Resources (HR) was historically labeled the “soft function” within organizations. However, in today’s world, where protection of personally identifiable information is paramount, no other business function handles so much daily work that needs to be protected at all costs. Consider the areas of focus for HR professionals: recruiting/staffing employees, compensation, benefits, labor relations, compliance, organizational structure, payroll, training and development, harassment issues, and so on. Information on any of these topics should never be shared outside the business organization. Below are security suggestions for HR professionals to lower the risk of a cybersecurity breach.

Stay on Top of All Legal/Compliance Requirements

Unfortunately, compliance is a complex task and guidelines are inconsistent and ever changing — varying across geographies, types of data, line of business, etc. Make sure that a management-level employee stays current on this information and knows what laws apply. Develop a regular schedule of review and updating of these standards: check key sites (such as industry associations) for updated standards, peruse industry newsletters, and attend seminars to stay current.

Collect and Use Only Necessary Personal Data

Gather only the personal HR data that business needs require. Consider using a unique proprietary sequence, instead of a Social Security number, wherever forms or records need to identify an employee.

Safeguard Confidential Digital Data Everywhere

Put in place HR records retention policies specifying what kind of data can be stored where, for how long, and who can access it. Utilize software that can scan servers and files for sensitive data to identify information residing in inappropriate or unsecured locations. Establish encryption policies for all HR-related material.

Do Not Forget About Paper Files

The best approach to digital security can greatly reduce risks, but there is still plenty of paper in an HR department. The same records retention policies described above should apply to paper documents. Every HR staff member should adhere to a “clean desk” policy: nothing should be visible to any wandering eye if a desk is unattended. Shred documents on a regular basis. Keep all staff trained on such policies and enforce compliance.

Share Only on a Need-to-Know Basis

The truth is that HR data needs to be shared within the department as well as with the other units of the business. That happens every day, and every instance of sharing is an opportunity for a data leak. Put in place simple security safeguards, such as configuring PC workstations to log out after a very short period of inactivity.

A Few Additional Security Concerns to Address

  • Watch out for chatbots that are used for malicious purposes to gather confidential data.
  • Be wary of spear phishing emails; when in doubt, ask the “sender” directly about anything requested in an email.
  • Also, consider mobile device management (MDM) systems to secure phones and laptops and keep antivirus and patching up to date on all hardware company-wide.