On-premise HRMS security: four tips
If only from the personal perspective of individual employees, your HR data may be some of the most sensitive in your whole organization. Of course, all your corporate and business data requires secure handling but any loss of employee details (name, address, social security number, bank details, etc.) carries a high embarrassment. In this sense, an on-premise HRMS can be more reassuring. However, just because your HR data is ‘in the house’, its security isn’t necessarily guaranteed. Here are four security tips for an on-premises deployment.
1. Review you building’s security
First of all, ask yourself, how secure is your building? Are security passes required? If so, do all your people wear them all the time? Do you share it with other businesses? If so, do their security policies sufficiently safeguard your part of the building? What are the visitor procedures? Do visitors have unescorted access to all areas, for instance? What specific precautions have you put in place for the ‘server room’ or wherever your hardware is located?
2. Make the most of user access security options
It’s obvious but true: not everybody needs access to everything in the system. When setting up user profiles and accounts, grant them the HRMS security access appropriate to each individual’s role and responsibilities. Do they need to access other users’ data? Do they need to run varying levels of reports? The basic principle is to allocate the lowest level of access possible while still giving an individual everything they need to fulfil their duties. It’s a balancing act. But remember, every unnecessary access that you grant is an unnecessary security risk.
3. Know your disaster recovery and backup procedures inside out
One advantage of an on-premise HRMS is that you’re not at the mercy of a third party data center’s disaster recovery plan. However, the flipside is that you’re responsible for creating such a plan yourself. If you have a power outage, what do you do? How about evacuation due to fire? How about a disgruntled employee (with high-level access)? Develop plans for likely scenarios. Test them to make sure they work. Have a rigorous backup policy… and follow it!
4. Don’t forget mobile!
Your HRMS may be on-premise but that may not apply to all of your users. Field workers, the sales team, people with a home office… all will likely be logging in to your on-premise HRMS from elsewhere, and probably using mobile technology to do so. Ensure your BYOD policy covers data security; off-premise workers need to be particularly aware of the data security risks that apply to them. Remember that mobile devices are easily (and often) lost or stolen. If you don’t have it installed already, consider setting up the capability to track and shut down devices at a distance in case of theft or accidental loss.
In principle, an on-premise HRMS still seems like the more secure option but only if you take data security seriously and address issues such as user awareness, physical access rights, and mobile connection to the system.
Why mobile HRMS security must differ from standard security practices
Mobile HRMS security has some unique issues, which you should take care to address
Has your HRMS provider gone out of business? Here's what to do
Tips on picking up the pieces when your HRMS provider goes out of business
15 ways to minimize risk of ransomware attacks on your HRMS
Up your HRMS security and protect your company from ransomware attacks using these tips