CASE STUDY

How to Keep Company Data Secure

Human resources is a minefield of personal data. Employees trust HR leaders with sensitive information that could cause a disaster if it slipped into the wrong hands. Social Security Numbers, birthdates, and addresses are all common data points that HR teams have access to.

Unfortunately, public and private sector organizations alike face a growing number of cybersecurity threats—both internally and externally. These risks only increase as an organization grows in scale. So, how do you keep your data secure? We have some great tips for you whether you store information on-site or utilize technology.

How to Keep Company Data Secure On-site

First, let's consider how to keep company data secure on-site. Many organizations start their HR journey by keeping file cabinets full of essential HR documents. If your team is small and comes into the office, this is the perfect way to store data. There are potential breaches in an on-site location, though.

Limit Access to Company Data

HR documents should always be filed in a storage solution with a lock. On top of that, storing these documents in rooms with a few layers of protection is important. For example, keeping records at the front of an open facility wouldn't be a good idea. Instead, store documents in a room with a lock in the back of the office You also want to limit who has access to all the keys. These quick best practices will make it harder for intruders to access data.

Offer Regular Data Security Training

HR teams should offer regular data security training to HR professionals and the team at large. For example, you can train employees on things like:

  • Identifying and reporting phishing attempts.
  • Protecting secure rooms from nefarious actors.
  • Spotting internal data security issues.

Practice Safe Data Cleaning

Lastly, you should also practice safe data cleaning. Organizations like SHRM have shared that companies often keep employee records for seven years after that work has been terminated. It is good practice to keep up with record retention statutes. After that time has passed, you must dispose of records properly. Pruning your HR documents regularly will help reduce the number of documents you are responsible for protecting.

How to Keep Company Data Secure when Utilizing Technology

As your team grows, you might decide to use a Human Resources Information System (HRIS) to keep up with all of your employee data. HR software comes with its own set of challenges. Whether you are using an internal system or investing in external software, here are some tips to keep data safe.

Understand How the Technology Works

It's important to be well-versed in how the technology you will be using works. What is the safest way to get employee data from point A to point B? How can you open and receive the data while mitigating risk to your team? Work with your organization's information technology department to ensure you use any technology correctly.

Encourage Employees to Create Complex Passwords

Creating complex passwords and changing them often is the best way to secure company data. Employees should also avoid reusing passwords because a reused password allows hackers to guess other accounts. You can encourage employees to use tools like LastPass and 1Password to create complex passwords and keep tabs on their passwords.

You must ensure that administrators follow the company's complex password protocol. When a regular user gets breached, you can typically solve the problem quickly and confine the issue to one account. However, intruders gain access to many systems when an administrator is breached.

Avoid Unencrypted Data Movement

When you migrate data, it should always be encrypted during that transit. For example, instead of sharing via email, you might want to use an encrypted data transfer method like sending files through Dropbox or Google Drive.

What to Do When There is a Company Data Breach

Even the safest companies can fall victim to a data breach. According to IBM, the average data breach cost is $4.35 million. Although this number isn't representative of smaller organizations, data breaches can still cost the organization a lot of money. Here are some tips on what to do when these breaches happen.

Assess the Situation

It's easy to freak out, but that doesn't help you or your team make the best business decisions. Instead, focus on gathering the facts. Talk with the person who discovered the breach and ask:

  • When did they notice it?
  • What was happening when they saw it?
  • Do they know when the breach took place?

Try to get as much information as possible and avoid speculation.

Communicate with Affected Parties Early and Often

Once you have all the facts and know who is affected, talk with only those parties to start. You can loop in other parties later, but it's not fun to realize your data was breached through the grapevine. The affected parties deserve to know first.

Find Potential Internal and External Remedies

Lastly, you want to find any potential internal or external remedies for the data breach. If this was an internal issue, check your company's business insurance. You might have data breach insurance to help cover the remedies. If the breach was due to an external platform, contact your representative at that platform because they can likely help protect your impacted team members.

Remedies to data breaches often include measures like credit monitoring services or potential damages, depending on the scale of the breach.

Key Takeaways

While HR is in charge of keeping up with essential data, it's not always easy to keep everything secure. Although organizations are learning to provide training and prepare for data breaches, hackers are getting smarter every day. What hackers do today won't look the same a year from now. That means public sector organizations must remain stay vigilant and teach employees to do the same.

RegisterDOWNLOAD PRESENTATION
Human resources is a minefield of personal data. Employees trust HR leaders with sensitive information that could cause a disaster if it slipped into the wrong hands. Social Security Numbers, birthdates, and addresses are all common data points that HR teams have access to. Unfortunately, public and private sector organizations alike face a growing number of cybersecurity threats.
How to Keep Company Data SecureDOWNLOAD
Jason Litchney

Jason Litchney brings over 15 years of experience and passion in marketing for the public, private and non-profit sectors. Jason is a dedicated leader, national speaker and entrepreneur responsible for founding and managing the growth of multiple organizations recognized on the INC 500 fastest growing companies list. Jason serves as the Marketing and Employment Branding Manager at CPS HR Consulting and helps public agencies brand their organization to attract and retain talent.

About CPS HR Consulting

CPS HR Consulting is a self-supporting public agency providing a full range of integrated HR solutions to government and nonprofit clients across the country.  Our strategic approach to increasing the effectiveness of human resources results in improved organizational performance for our clients.  We have a deep expertise and unmatched perspective in guiding our clients in the areas of organizational strategy, recruitment and selection, classification and compensation, and training and development.