The IT community is buzzing with talk of data privacy and security, particularly in light of the forthcoming GDPR legislation, which comes into effect in May 2018. Indeed, questions of security have traditionally been IT-led, based around encryption algorithms and authentication. But things are changing: security is fast becoming a shared responsibility for IT and HR.
HR’s role in maintaining data security and privacy is potentially huge. If you think about data breaches, around 50 percent of them are down to employees themselves. Human errors include negligence; sending information to the wrong person; poor password usage; not disposing of information securely; misconfiguring systems; losing business devices and data; and failing to wipe devices before they’re handed over to the next person.
As a result, employees are the biggest single threat to data privacy. It’s starting to dawn on businesses, but slowly. In the US, employee-related data security fines are pretty small at the moment: around $11m a year across the whole of the US. Meanwhile, the cost to businesses of a compromised laptop could be huge: both financially, and in terms of reputation. And with GDPR looming, the fines for losing customer data are designed to be painful: between £2m and £4m per breach.
With the rise of mobile working, the risk of compromise has risen further as endpoints become easy prey for criminals. Password strength is well established on the whole, but many employees use a notepad program or password app to store their passwords – and these can easily be hacked. 63% of employee-centric security breaches are password-related: there’s clearly work to be done by both IT and HR.
What HR can do to help
So, what’s to be done? Firstly, it’s worth pointing out that data security has become an essential element of HCM software.
At Applaud we store data in Oracle, whether that’s on premise or in a hosting provider’s cloud. We also deal with a lot of sensitive customer and employee data, which needs to be protected from hackers and cyber-criminals.
Consequently, we’ve put security at the heart of what we do, mitigating the security risk by using effective data protection for the information we transport for our customers. The upshot of this is that cloud-based HR technology, like ours, can actually improve your security posture, and lower your data privacy risk.
Train to Gain
Going beyond the technology, HR can play an enormous part in improving security, thereby positioning themselves as problem-solvers for IT and the business itself.
Training is a powerful weapon for HR to wield across the organisation: helping employees to adopt best security practices during the on-boarding process and then on a regular basis throughout their employment. Research has shown that 15% of Millennials are likely to find ways around security controls to make their lives easier; but training can mitigate the risk of people bypassing security controls.
The Best Policy
Policies and procedures are also useful tools for HR, as they determine what employees should do if they lose a device; what happens to data during on-boarding and off-boarding activities in terms of wiping and returning a device; and what the processes are around password policy management.
Finally, auditing is a great way for employers to analyse the flow of data between departments, look for weaknesses and improve data security. HR has a role to play in this, with vendor selection taking security issues into consideration rather than leaving this to IT, ultimately selecting the best vendor or software to suit both the business and the employee needs.