Why HR Should Be Concerned About Data Security
The proliferation of Web, cloud and mobile technology in recent years has opened the HR industry up to whole new possibilities. Unfortunately, one area that has also made itself known is that of cybersecurity. In a world where data and information have become something of a new currency, protecting and securing them has taken on new importance.
This raises new concerns for HR and management professionals, who are responsible for safeguarding this new information capital. In the digital age, securing data isn’t as simple as locking it in a safe on-site. The existence of servers, the cloud and other Web-based solutions offer both new storage opportunities and new potential risks for companies.
Data is ubiquitous
When you think of data and digital information, what comes to mind? A computer file storing top-secret information or a stream of ones and zeroes operating behind the scenes to keep your organization afloat? The truth is, data has become such an integral part of business that these days you’d be hard-pressed to find an aspect of your company that isn’t dependent on digital information in some form.
Everything from employee personal records and payroll information to company data, market strategies and information on developing products falls under this umbrella, and companies have a vested interest in protecting it all equally.
A new threat
Of course, once sensitive information was digitized, it was unfortunately inevitable that corporations would face challenges on this new front. One recent and noteworthy example comes from hardware retailer Home Depot. According to the Society for Human Resource Management, the company’s systems were broken into, compromising the financial information of around 40 million customers.
Sadly, this is just one example. Whether it’s credit card data being stolen or personal information being revealed, companies are very quickly learning of a new hidden cost of digitization.
Training for security
Although it may be discouraging, companies aren’t as helpless as the situation may make it seem they are. One major impediment to increased data security stems from a simple lack of information – employees may not understand the extent of the information being stored, nor how it can be vulnerable to attack. As head of cyber security at BAE Systems Applied Intelligence Craig Searle told Human Capital magazine, security needs to be introduced as a key tenet of the organization – what Searle referred to as a “culture of security.”
HR and management already develop corporate training, and it’s possible to simply integrate security awareness and best practice into that paradigm. Businesses can create online courses to highlight both the extent of the information handled by company servers as well as threats and how they can be protected against. Even simple, every-day practices that seem innocuous can lead to breaches in security and, ultimately, costly information loss. Sharing passwords or leaving them written down in plain sight, or leaving computers unlocked, are practices that should be actively discouraged as part of a data security training program.
Data security is a companywide endeavor, and there are steps that should be taken to keep your organization’s information as safe as possible. Companies should take steps to prevent the probability of data breaches by minimizing chances for attack. Computer World recommended taking steps such as minimizing the amount of information your organization collects. Amassing unnecessary data just increases the chances that it could fall into the wrong hands. Another important step is to keep up with legal compliance as it pertains to data security. Especially companies that operate in several countries, knowing what the requirements for privacy are in each instance is crucial to maintaining security standards.