July 25.2017, 9.00am
Questions you need to ask your HR technology provider about security
Getting the right HR technology is vital in any business but getting the right HR technology from the right provider is even more important. You can invest in great technology, but will anyone pick up the pieces if it doesn’t reach the standards you presumed were a given?
Just look at what happened when a failed software update left millions of Bank of Scotland customers unable to access their money in 2012. Some customers were unable to access funds for several days. A subsequent investigation criticised “inadequate management of IT risks” and the bank was fined £56 million by regulators.
There’s an important lesson there if you’re thinking about upgrading your HR software. It’s not just about having the right technology – it’s also about getting it from someone who can provide risk management, or intervene in the event of a technical fault.
HR technology retains or processes sensitive personal data like bank details, personal information and email addresses. Any business that uses HR software needs to know that their vendor can safeguard this data and provide technical support if needed.
Choosing the right provider is a major decision when it comes to your HR technology. That means you need to understand the surrounding issues and know the right questions to ask.
Why is security so important?
This isn’t just about your responsibility to your workforce or employees. There are also legal implications associated with the retention of sensitive data and severe penalties for data breaches.
With the General Data Protection Regulation (GDPR) coming into effect in May 2018, it’s more important than ever to have a secure system in place to manage personal data. Your company could be fined millions of pounds for serious offences under GDPR so data security could be essential to the survival of your business.
Security has also come into focus with the recent increase in high-profile cyber attacks against businesses. The Petya and Wannacry ransomware attacks have highlighted how vulnerable organisations can be to cyber criminals. Ransomware attacks can encrypt an organisation’s data and leave you permanently unable to access your systems. The threats we face in a digital word have changed and you need to change with them.
Is your data stored on-premises or in the cloud?
The inexorable movement towards cloud technology has seen even smaller business abandon on-premises storage. A PWC survey conducted at the end of 2015 found that 23% of companies were using cloud for HR technology and that a further 26% planned to do so. A year later, the number using the cloud had risen to 44% and a further 30% planned to move to it.
One of the advantages of using cloud-based software is that suppliers invest massive sums of money in the security infrastructure needed to provide physical and virtual protection. By outsourcing this responsibility to a third party, you can avail of significantly better security measures.
Cloud-based software providers have a vested interest in providing the very best data protection and security features. Any security failing at their end could destroy their entire business so you can be sure that they’ll be adopting the best industry standards, firewalls and physical security measures.
One of the best protections against ransomware and other malware attacks is to have the most up to date protection. The best vendors will constantly update their security and ensure that they are fully equipped to deal with any known threats.
By removing data storage units from your premises, you’ll also be removing a potential security risk and removing the need for your IT department to maintain it. Cloud-based technology has become a smart, efficient and secure way to protect your personal data.
What happens if there is a breach?
We live in an online, connected world so it’s harder than ever to keep your information safe. Even if you invest in a highly secure system, breaches can happen. Cyber criminals often target human weaknesses.
One recent report found that 63% of confirmed breaches involved “weak, default or stolen passwords.” Another study revealed that employees routinely flout security policies. That highlights the need for HR to further educate employees on security protocols but it’s also a reminder that breaches can happen.
When GDPR comes into effect next year, any security breach will need to be reported to the DPA within 72 hours unless the data is encrypted or doesn’t identify individuals. Employees affected will also have to be contacted.
Using a service that encrypts your data means that it is passed through a coding process and a key or a password is required to unlock it. Encryption can protect your data and it should be one of the first things you ask potential providers about.
You also need to know what response a vendor can provide in the event of a breach. There should be clear procedures in place. If your provider has an effective disaster recovery plan, it will reduce the amount of time that your system is down, limit costs and help you to re-secure your data as soon as possible.
How safe is your vendor?
It’s easy for vendors to promise you the world but that doesn’t mean that they can deliver. Talking to their other customers or researching them thoroughly is one way to assess their suitability.
As a HR professional, you know how to check the claims of someone who’s applying for a job. You check their references and see if everything works out. A similar approach can help you to check the reliability of a potential vendor, even if you aren’t a technical whizz.
Industry standards are the safest measure so check whether they’re ISO certified or what other accredited awards they’ve been given. This can be a simple way to see if they’ve a proven track record of delivering and sustaining a quality service that meets the standards you require.
Choosing the right HR technology to protect you data and manage your security is vital – so is managing change.
Read about key organisational challenges, and learn how HR technology can help – download ‘The Role of HR in Change Management and 5 tips for Success’ today!
By Edel Walsh