Human-resource professionals are the gatekeepers of enormous amounts of sensitive personal data, such as social security numbers, demographics, health records, and confidential company documents. Data protection may not be the top daily priority for many HR employees, but data security must be ingrained within your HR processes and systems.
Your IT department can only do so much in the way of data protection when it comes to human resources, because the very nature of your job involves people. In most cases, people are the weak link in data security; hackers and data thieves are proficient in using social engineering to get individuals to unknowingly release passwords, usernames, and secure information. Some of the traits that make human-resource employees valuable, including helpfulness and curiosity, make those individuals a target for hackers. Educating employees on common phishing techniques is an important data protection step, and you can create in-house policies that make phishing more difficult. Let HR employees know that the helpdesk will never ask for personal passwords, and ensure everyone understands need-to-know information and confidentiality policies.
It's important for all HR professionals to understand the seriousness of data protection. Create a plan for Internet security and make sure everyone understands the policy. Every worker can tighten data protection in a few minutes by creating better passwords. Require passwords that contain unique characters, at least eight characters, and multiple case. Require that passwords be changed periodically, and warn employees about using email passwords for system logins, as this is one way hackers gain entry to sensitive corporate systems. Human-resource staff can help ensure data protection across the entire enterprise by offering training sessions about passwords, especially during orientation phases.
Increased reliance on mobile- and cloud-based services opens new holes in company security. HR organizations should work with technical and business leaders to create safe processes and educate employees about the risks associated with more convenient computer processes. Human-resource staff should encourage employees to care for mobile devices and laptops appropriately and report theft or loss immediately. Policies should avoid severe punishments for accidental loss—especially a first-time incident—because employees are less likely to report issues when they expect harsh retribution. Employers may want to start disciplinary action for employees who do not report loss or theft in a timely manner, however.
Human-resource organizations play an important role in corporate and small-business information security. HR representatives have access to a lot of sensitive information about employees, applicants, and the company, so they must be aware of security risks and understand how to safeguard data. Because human-resource departments play an important role in policy development and training, HR reps must also work with employees throughout the organization to create and maintain the most effective procedures for data protection.
(Photos courtesy of Stuart Miles / freedigitalphotos.net)
Become a member to take advantage of more features, like commenting and voting.
Register or sign in today!