Protecting customer data has become a priority for companies of all sizes, but what about the data of their employees? A recent survey and report from GetApp reveal that 41% of companies don’t train their human resources (HR) staff on data security.
Even more alarming, 55% of HR professionals don’t see employee data security as a serious issue. Considering HR departments have some highly sensitive personal information, it should be a top priority and taken seriously.
According to Harshit Srivastava, Content Analyst at GetApp, businesses are sitting on a ticking time bomb if they don’t secure employee records.
In the report, Srivastava goes on to say that businesses still have a long way to go to ensure this information is protected, adding, “We were surprised by how few businesses actually have a policy in place, and the attitudes of HR professionals toward data security.”
A breach can cost your company regulatory fines and lawsuits, as well as damage to your reputation among customers, employees and future applicants. No matter whose data you are in possession of, it should be protected with the same resolve.
Srivastava says creating a proper framework to protect sensitive HR data is how you can ensure the information is safe.
Employee Data Security
In the report, Srivastava says three common mistakes lead to employee data breaches: the failure to recognize employee data security as a real threat, inadequate training on data security, and blind trust in HR software vendors.
With 55% of HR professionals not identifying employee data security as a serious issue and another 41% not training their HR staff, there is a serious problem. Besides these issues, 46% of businesses blindly trust HR vendors. This means they are not screening for data security features when they buy HR software.
Why is this so important? Because HR software vendors have access to sensitive data including, but not limited to, Social Security numbers and payroll records. If you don’t scrutinize their security protocol for protecting this data, all that information is at risk.
In order to help you protect this information and avoid employee data breaches, GetApp has created a 5-step framework.
The first step of the framework is to create a security awareness program. The more aware your entire workforce is about cybersecurity, the more they will take the issue seriously. After all, their information is also part of the data which is in danger.
As it applies to HR, GetApp suggests that all stakeholders communicate and stay on the same page about the consequences of data security breaches. This includes conducting meetings with all team members that also cover the serious repercussions for negligence in handling employee data.
The second step is to create a formal policy for data protection. With a strong policy, stakeholders will know about the do’s and don’ts of handling employee data. This will instill a sense of responsibility for compliance because they are going to be accountable.
The third step is to continue training your employees. This is especially important because the cybersecurity threat landscape is always evolving. You can’t just train your staff once and expect them to know about all subsequent threats.
For the fourth step, the goal is to screen HR software vendors thoroughly for data security compliance. According to GetApp, you have to study all the HR data regulations that apply to your business. Knowing what the regulations are lets you know if your vendor is abiding by those regulations.
And once you make up your mind about the vendor, go through service-level agreements (SLAs) and terms and conditions. The SLA will spell out the security measures the vendor is taking to protect your data.
The fifth step is to audit the third-party service providers you use. Beyond your HR vendor, you should also audit all other suppliers to make sure they are meeting all regulatory compliance requirements.
After you implement this framework, you have to include long-term goals as part of your data security policy.
GetApp recommends revising your data security policy quarterly, conducting frequent training, and including data security training in employee onboarding.
The key is to not get complacent because cybercriminals aren’t.