Who is responsible for your company’s data security?
Is it the IT team? The HR and People team? Another department? Perhaps a mixture of all – or, none?
Ensuring data is held securely is a critical issue. If employee data gets into the hands of hackers or those it’s unintended for, then not only can it be damaging for employees and your business, but it undermines their trust in you as an employer.
HR and People teams hold your most confidential and sensitive data – your people data. As the guardians of people’s data, HR and People teams fully comprehend the responsibility they hold to ensure employee data is protected.
Here are just three ways in which HR and People teams can mitigate and prevent data security breaches.
Work with IT to implement cloud systems
Cloud technology provides a secure and user-friendly solution, moving away from archaic systems where data is held on different platforms – or even in spreadsheets – in different locations, and prone to data breaches and human error.
A cloud-based system can be accessed across all offices and all locations, and is updated regularly and can be accessed instantly by HR and employees through an online platform.
By enabling employees to access their data securely including payment, benefits, bonuses, performance reviews and targets, they are more likely to engage positively and feel more empowered. Moreover, in this on-demand age, they expect it. No one wants to go on hold whilst HR checks how many holiday days they have left.
Furthermore, by allowing employees to update their own personal information, hours of HR’s time can be saved to concentrate on engaging their people. It’s a win-win situation – a cloud system that both provides security and enhances productivity.
By implementing cloud technology, HR and People teams can mitigate against the need for employees to download data to USB sticks, which can be lost, or email company documents to their personal email accounts which can be easily breached.
It’s in every cloud provider’s best interests to adhere to the highest standards of security – it’s their livelihood at stake. Ultimately, if a cloud HR provider can provide you with evidence of its quality practices, such as ISO 27001 certifications and accreditations, then this means that your records are safer in the cloud than sitting in your office.
Restrict data access
Compliance and security is of paramount importance, especially with the General Data Protection Regulation (GDPR) coming into force in May 2018.
One of the fundamental jobs for HR is to perform risk assessments of your data and implement protocols for the access of data and the varying degrees of security.
Who can see what in the company, why and for what purpose? In this way, HR and People teams can limit and grant access of secure information to various degrees to certain individuals.
They also have the authority to withdraw that access from an individual as required – and should regularly do so to ensure that only HR employees who need access to data have it.
Training the business to raise awareness
HR and People teams can develop a compliance culture by training all staff on how to handle data, how to create secure passwords, how to spot any reckless or malicious behaviour and who to inform if so.
Most employees assume that cyber security is a technical issue and it is not until after a successful attack that they start taking personal responsibility for security. HR and People teams play a vital role in educating employees about the impact their attitudes and behaviour have on the organization’s security.
Senior management needs to show that they too are fully committed, though. The CEO and even the Chairman should take the training and be seen to be talking about the issue.
The role of the wider business
If you’re the kind of company that believes that security is a tech rather than a data issue, perhaps you should reconsider.
HR and people teams hold the key to your people and your data. If they work collaboratively with your IT department’s technical know-how and diligence, just think how secure your data could be.
However, neither department can do it alone without the full buy-in and support from the C-suite of the company. Data security is critical; with the GDPR on the horizon, companies should be leading from the top.
Interested to find out more? Find out eight ways HR and People leaders can prepare for GDPR.