4 Ways HR Can Champion Data Security

May 12, 2017 12:24 pm

In today’s world of interconnectivity, mobility, digitally connected devices and remote working, the one thing that needs to be top of mind for every organisation, big or small, is data security. Security is not just about protecting your company from malicious attacks, but also about making sure that important business information is secure and only accessible to the right people.

Technology has transformed human resource (HR) management as many organisations leverage software to automate tedious tasks, and save their employees time for more critical business tasks.

In fact, according to research by Justlogin, more than 70% of small and medium enterprises (SMEs) across Singapore are using HR software to automate administrative functions such as payroll, attendance, and claims management.

It’s the same story globally according to a recent survey by PwC – 44% of companies surveyed are using Software-as-a-Service (SaaS) for HR, while another 30% are planning to move to SaaS in the next one to three years.

While these products simplify the HR function and make it easier for employees to access and share corporate or personal information, they come with their own share of security risks. Network vulnerability is a dangerous issue as it exposes information such as phone numbers, identity numbers, and bank account information to unauthorised personnel.

HR professionals can champion data security within the organisation by playing an important role in safeguarding sensitive company data and ensuring that employees are able to share relevant information easily and securely within the organisation.

Here are four ways HR can champion data security:

1. Accurately classify data: There should be two tiers of data classification. Tier 1 data includes sensitive information such as personal information details and should be linked to specific user groups. For example, salary and payroll data should only be accessible by specific HR personnel. Tier 2 data is less sensitive, such as internal policies and manuals. This information should be encrypted and assigned security permissions that allow everyone inside the organization easy access.

If you are sharing personal information of company personnel with external service providers, it is crucial to know what measures they are implementing to secure this data from unauthorized access or hackers. This links directly to the need to undertake a risk assessment. Additionally, this data should reside in Singapore.


2. Undertake risk assessment: You can only protect what you know. The first step to knowing exactly where the weak spots are is to perform a threat assessment. Work with IT and other members of your team to identify the assets that are most valuable and the best way to secure them.

If you choose to opt for a SaaS platform, the key questions to ask your provider are:

  • What measures do you take to assure sensitive HR data is secure from access by unauthorized parties, internal or external, or by hackers?
  • What security certifications do you have?
  • How do you assure business continuity? How do you keep data and applications always available? What kind of measures do you have in place against Denial of Service (DoS) attacks?
  • Will our data reside in Singapore?

Certifications like ISO 27001 specify security management best practices and comprehensive security controls for information security management systems (ISMS).

This certification gives customers the assurance that the company has systematically evaluated information security risks, and has designed and implemented a comprehensive suite of information security controls for better risk management.

3. Educate your employees: Technology (and the potential for breaches) has entered every facet of business today. Hence, it is important to have a clearly defined security policy. It is equally important to communicate this policy to your employees and educate them about it. It is only human to make mistakes, but it is important to provide the right training to all users to ensure your business data is kept secure.

Justlogin’s HR survey found that, while more than 70% of SMEs use HR software, the top challenge that businesses face today is educating employees on how to use new technology effectively. Understandably so, because inconsistent or insecure usage of HR software could lead to security breaches.

4. Encourage accountability: As SaaS application usage increases, research suggests that people become more lax about security. This could be due to misconceptions about cloud app security. For example, people using SaaS applications were three times more likely to keep passwords in an unprotected document. 

At its core, HR is about managing people. HR oversees employee training, onboarding, cultivating a positive corporate culture, and keeping an eye on employee conduct. It is important to ensure employees have the tools and information they need to keep themselves and their data secure, while being accountable for the security measures put in place by their organisation.

If your business is considering (or is already) using a SaaS HR platform, make it your priority to ensure that your provider has all their bases covered, from regular systematic evaluation to comprehensive information security controls. That way, you can ensure your business reaps all the benefits from the platform – greater efficiencies as well as better security for sensitive HR data.

Author credit: Matthew Taylor, CTO, Justlogin
