Most Human Resource (HR) teams are sitting on a data gold mine – a data breach could harm your employees and damage your organisation’s brand.
HR manages an array of sensitive data such as employees’ national identification numbers, bank account details, addresses etc. A data breach could harm the employer brand, undermine trust in the HR function and its data among employees and business leaders, and open the organisation to sanctions from data protection regulators.
“Cyber-attack is the greatest threat to every profession, every industry & every company in the world” – Ginni Rometty (formerly of IBM). However, HR often sees data management as an IT issue rather than a business concern, and does not assume sufficient accountability for its data. This has to change.
One of the biggest challenges for any organisation is managing risk, and for HR professionals their people are at the heart of creating a secure organisation. With up to 96% of cybersecurity breaches owing to human rather than technological error, it is imperative that an organisation’s people, its management and its processes are well-prepared.
Consequently, the HR function needs an approach that covers the acquisition, management, storage, transmission, usage, retention, deletion and security of employee data. Building a well-informed, cyber-secure workforce – in turn reducing the risk of a data breach and ensuring the organisation can respond quickly to a breach – is vital.
A Brave, New (and Dangerous) World
The world has become, in many ways, a perilous place. This is especially true when it comes to the rise of identity thieves, who work day and night to steal your employees’ data. Look no further than the recent data breach at Equifax, which saw 143 million Americans have their personal data stolen. Social security numbers, birthdates, addresses – all taken in the blink of an eye.
This isn’t an isolated case. In fact, 2020 is on track to have the most data breaches on record, all the more so given the impact of the COVID-19 pandemic.
HR’s responsibility to protect sensitive data
HR professionals have many responsibilities, but none quite as important as their duty to protect employees and their company. In today’s digital world, that means they must take on a much different role than in years past — they must become cyber-warriors.
Knowledgeable and proactive HR managers are your organisation’s best line of defence against phishers, identity thieves, hackers and all other crooks who are increasingly targeting businesses and their employees. Every day, HR managers face risks they may not even know exist.
Here are just a few of the challenges HR must continually overcome…
· HR data is like gold to identity thieves – if thieves can access your HR records, then they’ve struck gold.
· Other members of management often have access to HR records, making it much harder to ensure everyone follows proper security protocols.
· Disgruntled employees may act against their organisation – making use of HR data they have access to.
· Identity theft frequently begins in the workplace – with some employees willingly selling your HR data to criminals.
How it Costs Your Company
What are the major costs associated with data breaches and loss of employee data?
When employees become victims of identity theft, it has a significant impact on your business – regarding both productivity and profitability. 40 percent of companies which received identity theft-related attacks report that their employees’ workplace actions were significantly affected.
If your company experiences a data breach or your employees have their personal information compromised, your organisation will likely incur some or all of the costs and consequences detailed below:
· Reputational damage
· Regulation costs
· Litigation costs
· Employee disengagement and dissatisfaction
· Costs associated with malware attacks
But what can HR do to protect employee data?
The good news is that HR has the power to protect their employees’ personal data and the company’s bottom line. While this does require considerable time, energy and effort, the results will be well worth it. Consequently, organisations must implement the following recommendations in order to protect their HR data:
1. Provide thorough and continuous training to your HR team
Your employees need to understand the following as part of their training:
· The risks of identity theft and security breaches
· How to handle personal data
· How to recognise and prevent various cyberattacks
In this regard, it is worth noting that Delta3 International is currently running a one-day training for HR professionals in Africa. Interested organisations are therefore invited to register their employees for this training course, ‘The HR Guide to Employee Data Protection and Identity Theft Prevention’, via our website (www.delta3.co).
2. Develop a comprehensive cybersecurity plan
Work alongside your IT department to create a robust cybersecurity plan on how best to protect HR data. For example, working with your IT department and senior members of management, craft a document that outlines the best policies for handling, storing and accessing the personal data of employees.
3. Recognising and preventing various cyberattacks
Train your employees to identify and avoid cyberattacks, especially phishing emails. If you spot the signs, chances are the email is actually part of a phishing scam.
4. Finally, keep security at the top of your mind
It pays to encourage your employees to keep security at the top of their minds. That’s because informed employees usually make better decisions regarding their corporate security management, such as the use of stronger passwords.
In conclusion, senior management in all organisations should understand the fact that “When You Protect Your Employees’ data, You Protect Your Company”.
The writer is the Managing Partner, Delta3. As an Enterprise Architect and Information Security Consultant, Del Aden is an industry-recognised security expert with over 20 years of hands-on experience in consulting, training, public speaking, and expert witness testimony. As the Managing Partner for Delta3 International, Del now focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats.
An astute speaker and trainer, Del is on the cutting edge of cybersecurity research and development. For comments, contact author: [email protected] Mobile: 0202 621350 (GH) or 44 7973 623 624 (UK). Website: www.delta3.co Contact us: [email protected]
The post InfoSec Advisory with Del Aden: Effective HR data and cybersecurity appeared first on The Business & Financial Times.