Data protection has been an important element of an HR executive’s role for a good long while now. It is accepted that an important aspect of the role is to ensure that the personal information of staff members, contractors, and applicants is kept safely and securely, and used in a proper, law-abiding way.
As technology has progressed, however, the means by which this is done has evolved. Long gone is the locked filing cabinet with paper records that only the head of HR had a key to.
As computer files have become the norm, companies have invested in servers and other technology, and so this data has been stored securely on the internal office network. Again, access has been restricted to only the appropriate members of the HR team, but now there is no need to go and get the key from the department head.
However, now things are moving on again. More and more HR departments are seeing their software capabilities migrating into the cloud, and this, in turn, is bringing new data protection challenges.
Whether you have already seen your HR technology move into the cloud, or you are about to, it is vital that you have the right cyber-security procedures in place to protect this data. If it should be compromised in some way, you are not only at risk of breaking data protection laws, but are putting significant data from elsewhere in the company at risk as well.
Who Is the Threat?
The first thing to consider is where the biggest risk to cloud data lies. And the answer is somewhat surprising. People think of cyber-attacks as being perpetrated by masked computer geeks, sitting in their bedrooms with the curtains closed and running complex and malicious programs.
In reality, the culprits behind most online data breaches are staff. It is often an inside job – sometimes because of malicious intent, sometimes through incompetence – but more often than not, a breach is the result of the actions of staff.
Then there is the risk posed by staff leaving the company. A remarkable 60% of fired staff have admitted that they will steal corporate data either before or after leaving the company. That means almost two in every three staff members you dismiss will try to steal data from your company.
Data Breach Damage:
There is also the damage that a data breach can cause. Perhaps the most recognized is reputational damage. Never mind the bad PR that a data breach can bring: it will also affect your customer base and it is likely to drive their business to competitors.
Apart from this, there is the risk of fines by regulators and the Government, which can stretch to millions or even tens of millions of pounds.
A data breach is also shockingly bad for staff morale, as it can often undo months of hard work they have put in, and also lead to finger-pointing as they wonder if the problem was the fault of someone inside the business. (As we have seen, it often is.)
Mitigating the Risk:
So, that’s why cyber security should be a top priority in HR, but how can HR teams go about mitigating the risk of data breaches and ensuring that their cloud software is as secure as it can possibly be?
Well, there are a few simple tools and tips which can put you very firmly on the right path:
1. Cyber-Security Education for Staff:
Ensure that cyber-security training is a key part of your staff’s professional development. Giving staff the information they need to know how to access and use data safely and securely, both on and off-site, will go a long way towards offsetting the risk of human error being the cause of a data breach.
There are numerous external providers who will tailor a short course to suit your needs, and it is also advisable to run refresher sessions from time to time to make sure the importance of the matter doesn’t slip people’s minds.
2. Use Encrypted Communication:
If members of staff are communicating sensitive or confidential information, they need to be doing so securely. And many online messengers and other communication tools are anything but that.
Set up a standard corporate online messaging service and be sure to choose an encrypted provider. Slack is a good provider that offers a service tailored to corporate needs, as well as a range of other useful facilities besides the all-important encryption.
Other options include Signal, which is a hugely popular encrypted messenger that has seen a spike in users since Donald Trump’s election in the USA.
WISP is an example of an HR solution with an encrypted messenger inside it. It is an employee onboarding and engagement app, which is used, for instance, by the famous Ohio University Marching Band 110 that has accumulated millions of views on YouTube.
3. Use a VPN:
All businesses should be using a VPN and ensuring that all staff are connected to it before they access their online data and services.
A VPN works by encrypting all the online traffic on a device. This protects it from both hackers and any other prying eyes out there. It sends all your online traffic down an encrypted pathway and via an external server. This has the further benefit of rendering users almost anonymous online too – a great privacy addition.
There are other perks too. If your staff travel for business, a VPN lets them get around online censorship in authoritarian countries like China and also access geo-blocked content, no matter where they are in the world.
VPNs are becoming the default tool for individual and corporate users to protect their online privacy and security, and they need to be for your business too.
Monika Tudja is the Head of business development at Fried.com – a website dedicated to educating individuals on how to protect their online privacy through comprehensive guides and tutorials.
She is passionate about online privacy, cyber security and maintaining a “free web” for the entire globe.