5 HR Data Security Threats in 2014

HR data security – crucially important to any corporate database or software system but maybe particularly so for your HRMS. After all, it’s stuffed full of personal information relating to your employees (on whose good will and good performance you rely, let’s not forget) and usually it handles or is integrated with your payroll package. So, in the event of a breach, that’s social security numbers plus banking details; it’s an identity thief’s dream scenario. So what are the current security topics you need to be focused on to ensure HR data integrity?

Bring Your Own Device

As the tidal wave of mobile use is accompanied by the desire for individuality and personal device use, organisation’s implementing BYOD programs are tackling increased security issues. Security of information up- or downloaded on the move is always a concern but when that data might include payroll and benefits data it is particularly sensitive. The devices may vary from user to user but the security policy and protocols should not.

Mobile Applications

With mobile come applications and a constant flow of data to and from the internet and the cloud. The latest startup collaborative HR app may offer unparalleled functionality and speed but how proven is its HR data security; apart from anything else, just where is it storing your data? This issue is certainly exacerbated by a BYOD approach and in-house policies might want to consider whether a list of ‘banned apps’ is worth having; and if is, how will it be monitored and enforced.

Compliance

Even if the data is safe from hacking and cyber attacks, another risk is non-compliance with the local legislation (and multi-national operations may have to consider different and even conflicting laws). One example is the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) which demands native encryption on any device that holds relevant data.

Risk of Litigation Exposure

Another risk beyond simple data loss or theft is the fact that once information is mislaid, you may be subject to legal action from the employee whose data it was. The organization (usually through HR) has a duty of care to safeguard employee privacy and that includes HR data security.

Lack of Awareness

The biggest risk is always human error and that particular factor is greatest when your users are unclear about the true danger of HR data loss. As an indicator, the most recent Ernst & Young annual information security survey found 30% of respondents didn’t see security as an important issue when it came to smartphones and other devices. Once respondent was quoted as saying, “The weakest element in information security is the human factor. As a result, we are constantly improving the awareness programs and introducing new security instruments.” Put simply, lack of awareness = lack of care = loss of HR data security.

In short, the potential data security threats for HR in 2014 are an integrated blend of hardware, software, policy and personal; ignore any of these elements at your peril.

author image
Dave Foxall

About the author…

Dave has worked as HR Manager for the Ministry of Justice for a number of years, he now writes on a broad range of topics including jazz music, and, of course, the HRMS software market.

author image
Dave Foxall