When employers address cybersecurity, they often focus on financial data and intellectual property. But there’s another area that’s just as important and typically much more vulnerable: HR information.
Many organizations have a huge amount of data about both current and former employees, as well as job candidates, stored on their servers or in the cloud. And this information tends to be at great risk because, even if it’s encrypted in storage, HR staff often share key data points via easily hackable mediums such as email, text and instant messaging.
Assess your risk
A good first step to take is to assess your risk. Conduct an internal audit of the types of employment and benefits information you gather, how much data of each type you’re currently retaining, where it’s stored, as well as who’s using it and how.
Don’t be surprised if you discover multiple redundancies regarding where data is stored. Many organizations also discover that they’ve been holding on to HR data for far too long. You could even be shocked to learn that employees aren’t following security protocols, assuming you have widely understood and enforced ones in place to begin with.
4 guidelines to follow
To better protect sensitive HR information, follow these four guidelines:
One important concept to integrate into your policies is “least privilege.” This is the general rule that employees should be granted only the absolute minimum levels of access needed to perform their job functions.
Stay out of the dark
There’s reportedly a huge market for stolen HR information on the “dark web” — the alternate version of the Internet where hackers go to sell their ill-gotten gains. Be sure to take the necessary steps to protect your organization because the associated costs of a data leak, HR or otherwise, can be devastating.
If you have any questions about this content, or if you would like more information please contact Jeff Wilkie, Principal of the HoganTaylor Talent practice. More information is also available on the HoganTaylor Talent page of this website.
INFORMATIONAL PURPOSE ONLY. This content is for informational purposes only. This content does not constitute professional advice and should not be relied upon by you or any third party, including to operate or promote your business, secure financing or capital in any form, obtain any regulatory or governmental approvals, or otherwise be used in connection with procuring services or other benefits from any entity. Before making any decision or taking any action, you should consult with professional advisors.