Why data security is as much an HR as an IT issue
HR teams have become tech savvy and data heavy in recent times. The information they hold is critical to the operational success and decision-making of their organisations. It is also a source of potential risk. And with COVID-19 resulting in workers across the nation navigating an unprecedented shift to remote working, HR leaders coudl be accessing sensitive data without the necessary security usually afforded when they are working in the office.
As the pandemic accelerates the use of devices to remotely access corporate data from the home, it's important HR understands the security implications.
The benefits of cloud computing for HR
With the adoption of cloud-based software and digital tools, HR teams are able to access work-related data from any device, from any location, at any time. Administrative tasks had already become less complicated and more automated due to the rising adoption of cloud computing, but now teams have also been freed up to concentrate on important aspects of people management in a crisis like mental health and wellbeing. However, what hasn’t changed is the fact that they remain responsible for a huge amount of very sensitive data.
Responsibility for data security is as much of an issue for today’s HR team as it is for the IT department. Putting data security at the heart of the HR process should be non-negotiable
Security and compliance
This data could be information like the personal and financial details of employees or students at a university, for instance. What is undeniable is that it offers the potential of rich pickings for the growing army of cyber criminals that have taken advantage of the move to home working.
The General Data Protection Regulation (GDPR) holds companies accountable for protecting the personal information of staff. Any breach of this data could be catastrophic. Not only could it result in a substantial fine, it could even lead to a criminal prosecution. It is a rare organisation that could survive such a devastating blow.
This is why it’s a good time to review how you protect your HR data, to ensure it is stored and accessed in a way that is compliant with data protection regulations and keeps the cyber attackers at bay.
Ensuring data security in the cloud
Do you know where your data is and where it is being stored? If the services you are using are hosted on a public cloud provider’s platform the data could be stored in any data centre they own, anywhere in the world, and the backup copy might only be available for a limited period – such as 90 days in the case of Microsoft 365. Accessing the data via the Internet from your own device could leave your organisation vulnerable.
With many data breaches happening because of a combination of human error and poor data security management, it's important to be aware of how to beef up your protection.
The security of your HR data in the cloud rests on the policies and procedures of the company that provides the hosting. You are relying on the provider of the service to maintain the security of their infrastructure (their data centre) and adhere to industry standards and data protection regulations. Data stored in the public cloud sits on a multi-tenant cloud platform that is shared with other customers, and while it is kept separate, it does mean that if one of those other customers has a breach, access to your data could be impacted.
This is why some organisations choose to host their HR data on a private cloud. With a private cloud,the hosting environment is built on hardware and physical infrastructure that is dedicated to your organisation, the data is encrypted and the platform is maintained according to globally agreed security best practice and policy.
Private cloud hosting is best suited to organisations that cannot use shared platforms for regulatory and compliance reasons, as well as those that are concerned about data sovereignty and need to have their data hosted in a particular country by law.
Private cloud is usually the choice for organisations that are responsible for business critical or sensitive data, which makes it eminently suitable for HR purposes. This more centralised control and compliance minimises the potential of a data breach. There is also the benefit of the costs of private cloud being the same every month.
Data is being integrated into all aspects of HR processes in order to make them more streamlined. HR teams are responsible for a huge amount of confidential documentation and personally identifiable information. The way this data is hosted can help drive the approach of your organisation towards business risk.
Responsibility for data security is as much of an issue for today’s HR team as it is for the IT department. Putting data security at the heart of the HR process should be non-negotiable.
Bill Strain, pictured below, is security director at cloud services provider iomart