November 17, 2016, 11.42am
Data Security: What Every HR Leader Needs to Know
The very mention of data security can make even C-Level executives feel uncomfortable. You can’t turn on the news without hearing about a security breach somewhere – even some of the biggest organisations in the world have been hacked in 2016.
Data is the lifeblood of any business. Protecting the private data of employees and customers is now a priority for all organisations – big and small.
Why is data security so important?
Data protection is enshrined in law so data breaches can lead to legal action, fines or even criminal proceedings. It’s also vital to be aware of compliance requirements across legal jurisdictions as regulations differ from one territory to another. Living in a digital world has changed the way we do things. Every team or department in the workforce now interacts with technology.
Data leaks can damage the company’s reputation and the future success of the organisation. Businesses that retain customer data can be devastated by even a minor data breach. Consumers take data protection very seriously – and so they should!
Two in three customers said they’d cease doing business with a company that experienced a breach where financial information was stolen. Half of the respondents to the global survey by Gemalto said they’d stop doing business with a company where personal information was stolen. A quarter of people said they’d consider legal action against the breached company.
The main cause of data security breaches
HR might have a brilliantly drafted data protection policy in place but that may not be enough. The problem with breaches is that they’re often caused by something as simple as employee oversight.
A recent report found that 63% of confirmed data breaches involved “weak, default or stolen passwords.” Phishing attacks are a growing threat but human error is a continuing problem. 26% of human errors involved sending sensitive information to the wrong person.
“You might say our findings boil down to one common theme — the human element,” said Bryan Sartin, Executive Director of Global Security Services, Verizon Enterprise Solutions. “Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now. How do you reconcile that?”
Research by the Ponemon Institute found that external cyber attacks were responsible for just 8% of breaches. Part of the problem is employees’ dismissive attitude towards data security. It’s not unknown for employees to bypass security measures in the interests of speed or expedience.
Work phones or company laptops are par for the course these days but they represent yet another risk. Connected devices are a potential back door to sensitive information, especially if they’re misplaced or accessed by non-employees.
Employees routinely put an organisation’s private data at risk by breaching data protection policies. Breaches can be caused by simple oversights like not changing a password, performing work tasks on public networks, using unsecured channels, or losing a device that contains sensitive information.
Another survey found that 70% of Millennials admitted to bringing blacklisted applications into work in violation of IT policies. And 60% of Millennials “aren’t concerned about corporate security when they use personal apps instead of corporate-approved apps”. This is why security education is so important.
Is the cloud safe?
Many companies now store important data in the cloud but is that really safe? Well, there’s evidence that the cloud actually enhances security. Cloud platforms are specifically designed for purpose, rather than built on outdated legacy architecture.
Individual companies that handle data storage are constrained by how many security engineers they can employ, whereas a cloud provider’s professional reputation is based on security, so it needs to provide around-the-clock security. Best-of-breed cloud services also incorporate the highest security standards and cutting-edge tech.
There are also no physical servers to maintain or fix. Being able to provide agility and security at a fraction of the cost makes it an obvious approach. The only question remaining is how to get your employees as secure as the cloud.
Why is HR responsible for data security?
“So why is HR responsible for data security?” you may ask. “That’s an IT issue?”
The reality is that the buck stops with HR. Data security is an ongoing part of any employee experience. So the responsibility naturally falls to the department tasked with overseeing onboarding, employee training, company culture and the redress process.
HR has to implement data protection policies and procedures, educate the workforce and provide awareness training. Employees need to buy into this process from the moment they join the firm. Many companies are now using gamification to make this process a more engaging experience.
HR needs to turn each new hire into a convert and ensure that they’re constantly updated with new security developments. Educating employees about basic threats like phishing scams and password protocol will also reinforce your security.
Risk assessments are a great way to find out if additional employee training is required. Work closely with your IT department to identify potential risks with the technology you are using.
Here at CoreHR, security is not a second thought, it comes as standard. We are hosted on the world’s most secure platform so you can be confident we can deliver on your information security and data needs.
By Mark Sexton