Human resources is a minefield of personal data. Employees trust HR leaders with sensitive information that could cause a disaster if it slipped into the wrong hands. Social Security Numbers, birthdates, and addresses are all common data points that HR teams have access to.
Unfortunately, public and private sector organizations alike face a growing number of cybersecurity threats—both internally and externally. These risks only increase as an organization grows in scale. So, how do you keep your data secure? We have some great tips for you whether you store information on-site or utilize technology.
First, let's consider how to keep company data secure on-site. Many organizations start their HR journey by keeping file cabinets full of essential HR documents. If your team is small and comes into the office, this is the perfect way to store data. There are potential breaches in an on-site location, though.
HR documents should always be filed in a storage solution with a lock. On top of that, storing these documents in rooms with a few layers of protection is important. For example, keeping records at the front of an open facility wouldn't be a good idea. Instead, store documents in a room with a lock in the back of the office. You also want to limit who has access to all the keys. These quick best practices will make it harder for intruders to access data.
HR teams should offer regular data security training to HR professionals and the team at large. For example, you can train employees on things like:
Lastly, you should also practice safe data cleaning. Organizations like SHRM have shared that companies often keep employee records for seven years after that worker has been terminated. It is good practice to keep up with record retention statutes. After that time has passed, you must dispose of records properly. Pruning your HR documents regularly will help reduce the number of documents you are responsible for protecting.
As your team grows, you might decide to use a Human Resources Information System (HRIS) to keep up with all of your employee data. HR software comes with its own set of challenges. Whether you are using an internal system or investing in external software, here are some tips to keep data safe.
It's important to be well-versed in how the technology you will be using works. What is the safest way to get employee data from point A to point B? How can you open and receive the data while mitigating risk to your team? Work with your organization's information technology department to ensure you use any technology correctly.
Creating complex passwords and changing them often is the best way to secure company data. Employees should also avoid reusing passwords because a reused password makes it easier for hackers to break into other accounts. You can encourage employees to use tools like LastPass and 1Password to create complex passwords and keep tabs on their passwords.
You must ensure that administrators follow the company's complex password protocol. When a regular user gets breached, you can typically solve the problem quickly and confine the issue to one account. However, intruders gain access to many systems when an administrator is breached.
When you migrate data, it should always be encrypted in transit. For example, instead of sharing via email, you might want to use an encrypted data transfer method like sending files through Dropbox or Google Drive.
Even the safest companies can fall victim to a data breach. According to IBM, the average data breach cost is $4.35 million. Although this number isn't representative of smaller organizations, data breaches can still cost the organization a lot of money. Here are some tips on what to do when these breaches happen.
It's easy to freak out, but that doesn't help you or your team make the best business decisions. Instead, focus on gathering the facts. Talk with the person who discovered the breach and ask:
Try to get as much information as possible and avoid speculation.
Once you have all the facts and know who is affected, talk with only those parties to start. You can loop in other parties later, but it's not fun to realize your data was breached through the grapevine. The affected parties deserve to know first.
Lastly, you want to find any potential internal or external remedies for the data breach. If this was an internal issue, check your company's business insurance. You might have data breach insurance to help cover the remedies. If the breach was due to an external platform, contact your representative at that platform because they can likely help protect your impacted team members.
Remedies to data breaches often include measures like credit monitoring services or potential damages, depending on the scale of the breach.
While HR is in charge of keeping up with essential data, it's not always easy to keep everything secure. Although organizations are learning to provide training and prepare for data breaches, hackers are getting smarter every day. What hackers do today won't look the same a year from now. That means public sector organizations must stay vigilant and teach employees to do the same.
CPS HR Consulting is a self-supporting public agency providing a full range of integrated HR solutions to government and nonprofit clients across the country. Our strategic approach to increasing the effectiveness of human resources results in improved organizational performance for our clients. We have deep expertise and an unmatched perspective in guiding our clients in the areas of organizational strategy, recruitment and selection, classification and compensation, and training and development.