Four HR security precautions BYOD workplaces should take

Are you operating a Bring Your Own Device (BYOD) workplace? It’s a popular strategic decision made by many IT departments to save on costs and training, but the sensitivity of HR data elevates the need for security precautions. Here are four areas that you cannot miss when you enable mobile HRMS software in a BYOD environment.

1. Choose your HRMS security settings to accommodate higher risk

Most HRMS on the market will offer you a variety of security settings. If all of your users are onsite on a local network, you’re operating in a relatively safe environment. Once you start to have users accessing your HRMS remotely on their own devices your risk level increases rapidly.

Guide: HRMS implementation: 9 steps to success

Configure your HRMS to allow for BYOD workers. You can enable useful functionality like employee and manager self-service but increase your user permission security to meet BYOD challenges. Does your HRMS allow for multi-factor authentication? Users are accustomed to higher security mechanisms from other online transactions like personal banking so your HRMS should operate at a similar level.

2. Get your HR data legals in order

The introduction of BYOD has created a number of new challenges for legal departments as the users’ devices are not often directly under a company’s control. It is important to create a legally binding document for employees to review and sign to promote policy compliance.

Do you have defined standards of how long HR data should stay on a company computer? Your BYOD policy should be the same or stricter to be sure that employee data does not remain outside of your network for any longer than necessary. Training is a critical element for of a good security plan.  Employees are often not careless with HR security but rather lack awareness of defined standards. A legal document and regular refresher training will help to keep your policies active.

3. Establish a remote data wiping policy

The idea that a company can take control of an employee’s personal device and restore it to factory settings is a controversial one. If an employee’s device is lost or stolen, sensitive HR data like bank accounts, social security numbers and personal details are in danger.

Determine your HR users with the highest level of data access as they are the biggest risk. HR employees in this classification need to be subject to this policy. Remind employees to regularly back up personal files like photos and be sure that the company is not using this access for any purpose except a lost or stolen device.

4. Launch and monitor device security standards

Go back to the basics of user security and educate your employees in this area. Is everyone enabling the minimum security features on their devices? Is anti-virus protection in place and is it up to date? Your company has a duty to help employees to lock down and protect their devices due to their access to HR data.

author image
Heather Batyski

About the author…

Heather is an experienced HRMS analyst, consultant and manager. Having worked for companies such as Deloitte, Franklin Templeton and Oracle, Heather has first-hand experience of many HRMS solutions including Peoplesoft and Workday.

author image
Heather Batyski