By Arleen Atienza
November 5 2021 - Technology has come a long way. We now live in a time when technology is part of our every waking moment. A time when information is at our fingertips, only a few keystrokes away. Anything you ever need or want to know, you can find it somewhere on the internet.
This is also the time when we can truly say that information is power. As a business, we know that there are certain pieces of information that cannot be divulged to protect not only our companies but our clients and employees as well. Information such as social security numbers, account numbers, addresses, things that people could use to either steal a person’s identity or breach security to gain more information to use against anyone or any entity. This is where data security comes in.
Data security is not just the duty of your IT group, or your security personnel. Everyone has the responsibility of keeping all manner of data secure. And the dangers of a security breach doesn't just come from the outside. For the most part, security breaches are actually a result of human error. One recent survey of IT and security professionals found that 35% of data security breaches were from the loss of mobile devices (laptops, company phones), 32% from third party errors, and only 8% were from external cyberattacks.
With most of the world now eyeing and even moving towards working away from the office, it is a good idea to adjust HR strategies in this remote era. Below, we look at some of the best practices for HR personnel when it comes to data security.
Data security for your HR team
The HR team handles a lot of sensitive data from applicants and employees. Therefore, it is vital for HR personnel to take data security very seriously.
Train your HR team
Offer security awareness training to your team. This is where your team will be schooled on the types of data you handle, learn how to manage client's personal information, and learn the strategies your company has in place for data security. Educating your employees will go a long way in making them aware of potential breaches, risks, spam and phishing emails, and the proper reporting and handling of data breaches should any occur. They should also learn all about password and file security and the proper storage, dissemination, and destruction of data.
Use multi-factor authentication
Multi-factor authentication adds another security layer when validating user access. These could be SMS, PINs, or tokens that your employees will receive and need to input into the system in order to be granted access. This means that it takes more than just a password to get into your system.The most common example of multi-factor authentication is the use of the One Time Pin or OTP. Once the user inputs the OTP they receive through SMS, they can access the application they need.
Unencrypted data can be intercepted and read easily by any hacker or malware waiting to hijack unsuspecting users. That is why sensitive data needs to be encrypted as it flies through the information superhighway. The best way to do this is by installing a Secure Socket Layer certificate or SSL. What SSL does is it uses cryptographic encryption to scramble and encrypt the data as it flies between the browsers and your network. Installing SSL certificates can be a cheap but effective endeavor to beef up the data security for your HR team.
Need to know basis
Part of keeping the integrity of your data security is ensuring that only the people who need to know certain bits of information have access to said information. Put passwords in folders and restrict access to sensitive information. Keep everything on a need to know basis. Give your HR team access to what they need and nothing else as far as data is concerned.
You need to ensure that during off-boarding, all manner of material and access that your outgoing employee has is rescinded and or taken back. Sometimes security breaches come from users whose access has not been revoked yet despite the fact that they have terminated their contract with your company. So make sure that your HR team knows what to do, and the risks involved when the appropriate steps of off-boarding are not followed.
Train your team to create strong passwords that cannot easily be guessed. Most systems now need passwords that have both upper and lower case letters and the use of certain special characters. Some systems require users to change their passwords every few weeks to keep their access secure. It is also important to remind them to never share their login credentials with anyone, not their managers, not their teammates, nor to any IT personnel. Credentials need to be kept secure.
The important thing to remember about data security is that it is everyone’s responsibility. Ensure that your HR team is trained on your company's data security programs. Make sure that they do not share their passwords or login information with anyone. And ensure that access is only granted to people who need it.
|Copyright © 1997-2024 Alan Price and HRM Guide contributors. All rights reserved.