3 Nightmare HRMS Security Scenarios
Your HRMS can be a treasure trove of data that will power your business to make better decisions. But when access to that data is not controlled or is misused, your business becomes vulnerable! Make sure that your HRMS fortress is not at risk; here are HRMS security nightmare scenarios to avoid at all cost.
Lack of segregation of duties
Do you know who has full HRMS access? Can any user perform the full employee lifecycle from hire through to termination and generate a paycheck too? If you have powerful users who can do everything, you have an HRMS security risk! I’ve heard of a disgruntled employee who began to delete core foundation data along with other key items such as user ids and scheduled processes when he heard that he was to be released. Cleaning up after him once his user access was finally removed took weeks. This person was too powerful on a daily operational level, never mind in when he was in destruction mode!
Uncontrolled mass change capabilities
Mass change can be a useful and necessary tool that makes life easier for the data entry folks. In the wrong hands, however, it becomes a very dangerous weapon as mistakes are compounded by the hundreds. If you’re going to use mass change, limit the users who can do it and ensure that the persons doing the loads are trained to the hilt, in doing so ensuring HRMS security. I’ve seen semi-trained, unauthorized resources cause hundreds of rows of mass correction in the database due to being in a hurry and not following through normal testing procedures.
Lack of user understanding of the power of data
When you give users access to the HRMS, make sure that they are aware of the processes and procedures around data handling, in particular when sensitive data is involved. If you’re not following the principle of ‘least privilege’ or giving users only the minimum amount of data needed to perform their daily work, you’re tempting fate with an unauthorized data release. Whether intentional or otherwise this could lead to a huge breach in HRMS security. For example, I once saw an HRMS Professional release sensitive data including bank account details and salary; she had used an Excel Spreadsheet that included all employee data but had hidden the excess rows and columns. Savvy recipients were able to unhide the data and HR department ended up with egg on their face that day. The user had no need for bank account and controlling access more tightly would have removed this possibility for error.
Has your HRMS provider gone out of business? Here's what to do
Tips on picking up the pieces when your HRMS provider goes out of business
15 ways to minimize risk of ransomware attacks on your HRMS
Up your HRMS security and protect your company from ransomware attacks using these tips
On-premise HRMS security: four tips
How to beef up security for your on-premise HRMS, including disaster recovery, mobile security an...