The world as we know it is changing.
And as the lines between the real world and the digital world become increasingly blurred, it’s time for HR to take security seriously – ensuring that confidential data continues to be protected online…
Viewing data as your most valuable asset
Whilst ‘data’ is undoubtedly one of a company’s biggest assets, along with its people, the wealth of information held about an organisation, its employees, processes, finances and more, can also put a company at risk.
This is why HR teams need to work side by side with IT teams to ensure that the risks involved in managing people data are fully understood on both sides, and that security is not simply seen as an ‘IT issue’.
Only then can appropriate risk management strategies be implemented to protect against security breaches.
As we settle into a post-GDPR world, we are all much more aware of the consequences that any data breach can have upon a business.
Even before the new regulations came into effect, the financial consequences were significant: over four in ten UK businesses identified at least one cyber breach over the past 12 months, at an average financial cost of £9,260, with some breaches costing significantly more.
The more sophisticated our technology becomes, the more sophisticated hackers become too.
Complacency is therefore not an option. Proactive management of and planning for data security breaches is an ongoing task.
The solution is… simple?
We’ve all heard the dramatic news stories about companies that have fallen foul of ransomware attacks. Yet, interestingly, only a tiny percentage of cyber attacks are ransomware-related.
In fact, over the past year, the biggest risk facing companies has been the inability of staff to correctly identify fraudulent emails.
“People Are Often The Weakest Link In The Security Chain” – Forbes.com
According to the Cyber Security Breaches Survey 2018, 75% of all security breaches were caused by ‘fake emails’ which encouraged unwitting staff to reveal passwords or private financial information.
Does this mean that implementing an effective strategy for protecting corporate data is actually a lot simpler than you might think?
Ciaran Martin, CEO of the National Cyber Security Centre, thinks so:
“Cyber-attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated. Companies can significantly reduce their chances of falling victim by following simple cyber security steps to remove basic weaknesses.”
HR managers can begin by not only drawing up a formal cyber security policy and reporting procedures, but also by putting in place some simple, yet comprehensive training for all employees – helping them to ensure that they can spot potential threats before they result in full-blown attacks.
In practice, this can mean anything from regular updates and messages via an intranet system, to company-wide online training videos and workshops, demonstrating the most common data risks.
Of course, there are a number of additional processes that can be implemented to aid employee understanding of potential security risks. Head on over to our Resources section to download our handy checklist.
Shutting the gate after the horse has bolted… an ineffective strategy!
Every business would like to believe that outgoing employees will leave on positive terms, yet even with the best of intentions, disgruntled ex-employees are a fact of life. It is a sad truth therefore that former staff must be viewed as potential security breaches.
One issue that many HR teams face is a lack of knowledge regarding how much access an employee has to confidential information and/or internal systems and databases.
When data access points are widely open (or even shared amongst colleagues), it can be much harder to restrict access once an employee has left the business. This task is made even harder when taking into account those employees who may have used their own personal devices to access work-related apps or have access to social media logins.
It’s essential that off-boarding activities are included within cyber-security policies to provide protection against ex-staff who may hold a grudge, or who have simply fallen through the cracks.
If there is no integration, however, HR systems should also be able to promptly notify relevant teams once a leave date has been entered.
You may also be able to spot any unusual employee activity prior to their departure (such as the mass transfer of internal documents), as well as determine if there have been any unusual login attempts – perhaps from a new location or at an unusual hour.
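To show how the leave date entered in an HR system can drive these checks, the Python example below is an added illustration and is not part of the original article or any vendor's product. The event fields, user names, thresholds and sample records are all constructed assumptions; in practice the events would come from your own login and file-sharing logs.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names and values are assumptions for illustration.
LEAVERS = {"jsmith": datetime(2018, 9, 28)}   # HR system: user -> leave date
KNOWN_LOCATIONS = {"jsmith": {"London"}}      # usual login locations per user
EVENTS = [  # (timestamp, user, kind, location, files_moved)
    ("2018-09-10 09:14", "jsmith", "login", "London", 0),
    ("2018-09-20 02:47", "jsmith", "login", "London", 0),
    ("2018-09-21 10:05", "jsmith", "login", "Lisbon", 0),
    ("2018-09-24 16:30", "jsmith", "transfer", "London", 420),
    ("2018-10-03 11:00", "jsmith", "login", "London", 0),
    ("2018-09-24 03:00", "apatel", "login", "Leeds", 0),
]

NOTICE_WINDOW = timedelta(days=30)   # how far before the leave date to watch
WORK_HOURS = range(7, 20)            # 07:00-19:59 counts as a normal hour
BULK_THRESHOLD = 100                 # files moved in one transfer event


def review_leaver_activity(events, leavers, known_locations):
    """Return (timestamp, user, reason) alerts for users with a recorded leave date."""
    alerts = []
    for ts_text, user, kind, location, files_moved in events:
        leave_date = leavers.get(user)
        if leave_date is None:
            continue  # no leave date recorded for this user
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M")
        if ts >= leave_date + timedelta(days=1):
            # Any activity after the last working day means access was not revoked.
            alerts.append((ts_text, user, "activity after leave date: access not revoked"))
            continue
        if ts < leave_date - NOTICE_WINDOW:
            continue  # too early to be relevant to the departure
        if kind == "login" and location not in known_locations.get(user, set()):
            alerts.append((ts_text, user, f"login from new location: {location}"))
        if kind == "login" and ts.hour not in WORK_HOURS:
            alerts.append((ts_text, user, "login at unusual hour"))
        if kind == "transfer" and files_moved >= BULK_THRESHOLD:
            alerts.append((ts_text, user, f"bulk transfer of {files_moved} files"))
    return alerts


if __name__ == "__main__":
    for alert in review_leaver_activity(EVENTS, LEAVERS, KNOWN_LOCATIONS):
        print(*alert, sep=" | ")
```

The alert for activity after the leave date is the one that points to an off-boarding gap rather than to the individual's behaviour.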
Focus on the basics – updating software and changing passwords
The easiest way for a business to remain safe in an online world is to pay attention to the small details.
Shockingly, a quarter of all charities have never updated their software or malware protections, while a third of UK businesses do not routinely issue their staff with password guidance (source: Cyber Security Breaches Survey 2018).
Last year, the country was stunned by the impact of the WannaCry ransomware attack on the NHS.
Affecting more than a third of NHS Trusts, the attack encrypted data and demanded a ransom equivalent to £230 for each infected computer.
A report from the National Audit Office has since said that the attack would have been entirely preventable if cyber-security recommendations had been followed and older software had been updated or replaced.
Take the first step
If you have invested in a dedicated HR system, you may find that regular system upgrades are automatically scheduled. However, you may need to manually co-ordinate this – particularly if you use multiple stand-alone systems rather than an integrated option.
Ensuring that you have an upgrade strategy in place for your HR software, whether this is cloud-based or on-premise, is essential. For help and advice on system upgrades, contact a member of the Silver Cloud team today.
We would also recommend working alongside your IT colleagues to develop clear password guidance, which should be regularly communicated to staff along with your security policies. Implementing two-factor authentication, available with most modern HR systems, is also a straightforward way in which to boost your defences.
These small steps could just be enough to protect your corporate data and prevent any potential breaches from escalating into a full-blown disaster for both your reputation and your bottom line.