Technology has advanced a great deal, and that is a wonderful thing. But with more digital advances comes an increase in hacking and human error. It is necessary to make sure that your employee data is safe.
The year 2018 saw several security breaches or attempts against charities and businesses. These also had a large financial impact on these organizations.
Successful attacks not only expose the victims to huge fines, but the negative publicity also deters clients from dealing with that organization again. Consider British Airways or other major names that have suffered major security breaches in the past year. Besides customers, employees also become concerned about how their personal data may be compromised.
Currently, most companies use cloud-based storage facilities from third parties rather than their own. This makes managing your data even more difficult. Nowadays employees can manage their work from anywhere by using various apps. All of this leads to a rise in security issues.
Steps to be taken by the HR departments to assess data security
Let us take a look at some of the steps HR departments should consider when assessing data security. First, what is the supplier company's level of security accreditation? Check whether it holds ISO 27001 certification issued by a body recognized by the United Kingdom Accreditation Service (UKAS). This indicates that they have the highest level of independently assessed security.
Check how resilient their systems are. ISO 22301 covers business continuity and is used by organizations to ensure they have appropriate disaster recovery and business continuity in place. Those who do not have ISO 22301 should still have documented what disaster recovery and back-up arrangements they have in place.
Run an ethical hacking exercise to check when they last tested their systems. Ask questions such as: have they ever had any real incidents? What were they, and how did they deal with them? Be doubtful if anyone says it has never happened. Numerous organizations have suffered attempted hacks or security breaches. It is important to find out how they managed these, what actions were taken and what they learnt from the incident to make sure it will not happen again.
Imagine a situation where your employee forgets a laptop or a work or personal mobile. Is the hard drive or mobile phone encrypted, and can any important data on those devices be remotely erased?
It is also important to examine your cyber security training. Despite the various attempts, it is known that only 20% of businesses and 15% of charities have invested in such training. Only 27% of businesses and 21% of charities have some kind of cyber security policy in place. Further studies reveal that up to 88% of data losses are due to human error.
Digital, cloud and app-based HR solutions help provide better working practices and excellent opportunities for employers and staff. But before investing in these types of technology, it is necessary to address the security of the data. It is not possible for any organization to be completely secure from an attack or threat, but by asking the right questions you can at least make sure that, if the worst were to happen, you have taken the correct steps to keep the impact on your organization to a minimum.