With GDPR coming into force next month, the topic of data security is currently top of mind for IT departments and HR managers alike.
Ensuring the continual protection of confidential employee data, including home addresses, bank details and even right-to-work documentation, is paramount – and not just because it’s the law.
The consequences of getting things wrong can be catastrophic, as we’ve seen recently in the wake of the Cambridge Analytica scandal.
Within one week of the revelation of its involvement, Facebook lost almost $58 billion in share value. It’s too early to tell whether it will be able to fully recover, but it’s clear that this particular data breach will have long-lasting implications for both the company and its users.
This may be an extreme example, but the principles are the same and organisations of all shapes and sizes really do need to start prioritising data security – an opinion shared by many of our peers throughout the HR sector.
Speaking on the subject, Mai-Po Wan, global head of product marketing at Sage People, said:
“There is no bigger thing that companies need to get right today than data security.”
“Data security, privacy and compliance has always been, and will continue to be, a critical factor for HR, but it is increasingly difficult to get it right given the changing pace of business.”
Trust is at the heart of all employee relations
Data collection is an essential activity within every area of human resources, from recruitment and onboarding to training or performance management.
Described by CoreHR as an “ongoing part of any employee experience”, data collection is much more than the mere storage of personal data, however; it’s the start of a trusting relationship between employer and employee.
We’ve previously blogged about the modern, analytical style of human resources, and whilst the fact that we can use technology to analyse employee data to spot and predict trends is exciting, HR professionals would do well to remember that this data still needs to be used responsibly.
For example, if you run a report demonstrating staff sickness and absence rates, you need to ensure that any data is anonymised to avoid the risk of revealing confidential medical records.
If you are running dedicated HR software, this is relatively simple to do, but for those still operating through spreadsheets and paper-based documents, there is much more scope for human error.
Preventing security breaches
The use of dedicated HR technology means that the collection and storage of employee data is more secure than ever before.
Unlike easily-accessible filing cabinets, cloud-based software options can offer the highest levels of security, giving HR managers confidence that their data is fully protected.
Vendors are continuously investing in updates to their systems, using cutting-edge technology to develop world-class security levels. This means that your data is protected to a level above and beyond that of in-house IT security platforms, which cannot benefit from the same levels of investment.
However, no system is infallible.
It is the responsibility of HR departments, with the support of colleagues in IT, not only to educate employees about risk management strategies, but also to implement robust policies to prevent any potential breaches from occurring.
In a recent article, Randstad declared:
“Your employees are your organization’s single biggest risk.”
This is certainly true.
A 2016 report from Verizon highlighted that 63% of confirmed data breaches were caused by weak or stolen passwords. With 93% of cybercrime taking just minutes to compromise systems and extract confidential data, businesses need to incorporate a variety of preventative measures to protect themselves.
By working in partnership with IT departments, HR managers should develop stringent cyber security procedures which not only encourage the use of stronger passwords, but also make it clear that disciplinary action may be taken if policies are not adhered to.
Data protection also affects remote working
Whilst remote working opportunities have created greater flexibility for workforces, they have also led to new challenges as HR teams need to ensure continuous data protection for those working off-site.
Encryption software is available for mobile phones and laptops and is used as standard for company-owned devices, but it can be more complicated when employees choose to use their own personal devices for work-related activities. Simply downloading an unauthorised app could violate policies and leave companies vulnerable to hackers and cyber criminals.
Before any remote working practices are agreed to, HR professionals should ensure that their policies set clear expectations of how employees should keep data safe. Using strong passwords, installing firewalls, limiting use of public WiFi and encrypting email are just a few ways that workers can prevent any data breaches from occurring.
If employees are regularly using personal devices to access emails or files, businesses should also introduce policies which give the business the right to request that corporate data be wiped if employees choose to hand in their notice.
“Information security requires technical and human safeguards, and making sure your policies, people, staffing and documentation are up to par is a critical method of reducing your risks.”