3 Nightmare HRMS Security Scenarios

Your HRMS can be a treasure trove of data that will power your business to make better decisions. But when access to that data is not controlled or is misused, your business becomes vulnerable! Make sure that your HRMS fortress is not at risk; here are HRMS security nightmare scenarios to avoid at all cost.

Lack of segregation of duties

Do you know who has full HRMS access? Can any user perform the full employee lifecycle from hire through to termination and generate a paycheck too? If you have powerful users who can do everything, you have an HRMS security risk! I’ve heard of a disgruntled employee who began to delete core foundation data along with other key items such as user ids and scheduled processes when he heard that he was to be released. Cleaning up after him once his user access was finally removed took weeks. This person was too powerful on a daily operational level, never mind in when he was in destruction mode!

Uncontrolled mass change capabilities

Mass change can be a useful and necessary tool that makes life easier for the data entry folks. In the wrong hands, however, it becomes a very dangerous weapon as mistakes are compounded by the hundreds. If you’re going to use mass change, limit the users who can do it and ensure that the persons doing the loads are trained to the hilt, in doing so ensuring HRMS security. I’ve seen semi-trained, unauthorized resources cause hundreds of rows of mass correction in the database due to being in a hurry and not following through normal testing procedures.

Lack of user understanding of the power of data

When you give users access to the HRMS, make sure that they are aware of the processes and procedures around data handling, in particular when sensitive data is involved. If you’re not following the principle of ‘least privilege’ or giving users only the minimum amount of data needed to perform their daily work, you’re tempting fate with an unauthorized data release. Whether intentional or otherwise this could lead to a huge breach in HRMS security. For example, I once saw an HRMS Professional release sensitive data including bank account details and salary; she had used an Excel Spreadsheet that included all employee data but had hidden the excess rows and columns. Savvy recipients were able to unhide the data and HR department ended up with egg on their face that day. The user had no need for bank account and controlling access more tightly would have removed this possibility for error.