Best HR system features for security

Data security is a constant concern with any software and especially so with an HRMS. It’s full of your employees’ personal data – names, birth dates, social security numbers, bank details, etc. and with increasing integration with other business systems (ERP, CRM…) it’s also a potential entry point to your company’s data as well.

Threats of inadequate data security

What’s the worst that could happen? Well, data loss, identity theft, breach of the duty of care you owe your workforce, corporate espionage(!), the uncontrolled release of confidential company information… any of these and more. Here are a few figures:

• 41% of companies have 1,000+ sensitive files (inc. credit card numbers and health records) left unprotected. (Varonis)
• More than 150 countries and 400,000 machines were infected by the Wannacry virus in 2017. (Malware Tech Blog)
• A malware attack on a company costs, on average, $2.4 million. (Accenture)
• 43% of the cost of a cyber attack represents loss of information. (Accenture)

The key risk issues for employers with HRMS are:

Mobile access

Mobile access to your HRMS is hugely convenient and flexible. However, that connection between your database and the internet is a potential open door. Furthermore, when you start downloading individual business apps that may or may not gel with your other systems, there’s a risk that you’re laying out the welcome mat for malware.

With mobile come applications and a constant flow of data to and from the internet and the cloud. The latest startup collaborative HR app may offer unparalleled functionality and speed but how proven is its HR data security; apart from anything else, just where is it storing your data? This issue is certainly exacerbated by a BYOD approach and in-house policies might want to consider whether a list of ‘banned apps’ is worth having; and if is, how will it be monitored and enforced.

BYOD

Mobile access often means a bring your own device policy in most workplaces. Again, very flexible and efficient but also a security risk given your lack of control over the devices and their security settings, and whatever else the individual employee might be using it for.

Employees

Whether it’s deliberate (the classic unhappy and departing employee) or just carelessness due to lack of awareness, individual workers can be a security risk. Malicious or otherwise, the weakest factor in your HRMS security is the human factor.

Features of HRMS that mitigate ‘employee-driven’ risks

Looking at the above risk factors, it’s clear that people are the potential weak link. What HRMS features might mitigate such employee risks?

User access 

A blanket approach to access does NOT work. Not everybody needs access to everything and when determining access levels, the golden rule is ‘need to know’. Access should be in accordance with roles and responsibilities – most people will only need access to their own personal data. The basic principle is to set access at the lowest level possible while still supporting the individual to do their job.

Timeout

Another potential problem with user access is that people don’t log out when they’re finished with the HRMS. A simple precaution is to automatically log out any user after a set period of inactivity – very useful if someone else has access to an employee’s device.

Mobile

Mobile devices can be hard to monitor and are easily (and frequently) stolen. Whether it’s an HRMS security feature or tacked-on middleware, you need an app that allows to track devices and shut them down in the event of accident or loss.

Disaster recovery

Apart from system features, you need a contingency plan. What exactly will you do if and when you’re alerted to a breach or data loss? Does your scenario planning, ensure that all relevant employees understand the procedure in case of loss or theft of data or device, and when it happens… follow the plan!