Industry Spotlight

Keeping HR Data Secure in a Time of Data Breaches

Risk management has never been more important, especially at a time when data breaches continue to increase. There are numerous high-profile examples involving the theft of employee data. Identity fraud cases exceed 10 million annually, but that’s just the tip of the iceberg. More than 4 billion records were breached in the first half of 2019 alone. By September, that number had nearly doubled, reaching 7.9 billion for the first nine months of the year.

To mitigate the risk of future cyber incidents, HR teams need to feel confident that their processes and the providers they work with treat their employees’ data with the care it deserves. And by establishing the right policies and procedures, organizations can ease employee concerns by being open about how data is used, stored and protected.

Start With Security Education and a List of Best Practices

Risk management efforts are often hampered by things that have little to do with IT, antivirus software or patching vulnerabilities. It may sound basic, but employees who use generic passwords across many accounts expose the organization to the risk of attack and make it easier for malicious actors to gain access.

This is just one of the risks that should be ironed out with a list of best practices. Employees also must be properly educated about the potential risks of their behavior; for example, regularly reiterating that links coming from a stranger—which increasingly appear to be legit—could well be from a hacker, so it is important to verify the source before sharing personal information.

Employees can’t do it alone, however. Organizations are also responsible for keeping employee information safe. According to the results from “The age of agility: Flexible, adaptable and resilient benefits 2020/21,” 53% of respondents think current procedures and processes with HR technology expose them to undue risk. This is very problematic, considering the amount of employee information that businesses are required to collect, including Social Security numbers, healthcare details and home addresses. Many rely on general HR software to access their benefits (71%) instead of using best-of-breed benefits software (48%).

Spreadsheets continue to be the leading tool for collecting and analyzing employee data, with 77% relying on Excel. But those who use Excel spend less than half (49%) of their HR budget on technology, indicating that they are somewhat averse to investing in best-of-breed technology that provides an extra level of security. As a result, these firms are leaving themselves exposed to error, additional hours of admin and the risk of data loss. In fact, 55% spend at least 11 hours transferring data between systems every single month.

Spreadsheets and other manual-based reporting methods are not only ineffective, but they also lack encryption. Consequently, they are vulnerable to outside access and could be sent to the wrong person, compounding the issue. Typing and tracking errors, as well as versioning mistakes (where multiple HR departments/representatives enter data into several versions of the same document) are also very common. This can lead to confusion and/or incorrect data entry.

The Right Technology Helps Protect HR Data

It’s time for IT and HR to connect. Together, they can come up with a security strategy that works for everyone, ensuring that employees are better protected.

Organizations should convey that the purpose of data collection is to help them understand how employees are engaging with their benefits plans and to help make plans more personalized.

Employee data is often stored in multiple places—payroll, a human resources management system, spreadsheets, provider systems and so on. Employers can reduce their exposure to risk by centralizing their data and processes. This helps enterprises overcome the most significant challenges within employee benefits management and administration. Global benefits management makes it easy to record employee benefit interactions to a standard set of targets, also creating a full audit trail for HR and benefits teams. What’s more, it alleviates security concerns by offering robust processes, as well as internationally recognized certifications, including ISO 27001.

Put an End to the HR Data Risk

With ever-increasing amounts of data breaches, employee data is more vulnerable than ever. This has created a whole host of challenges for HR teams, but they can greatly reduce the risk by syncing up with IT to properly educate employees about security risks and how to keep their data safe. By taking advantage of a global benefits administration platform, employers can overcome many of the functional problems and security vulnerabilities associated with old-school reporting methods, and employees will feel a sense of security, knowing that they work for a company that values the safety and well-being of its staff.

Chris Bruce

Chris Bruce is the co-founder and managing director of Thomsons Online Benefits, a global benefits management and employee engagement software company that also provides consultancy services related to rewards, workplace pensions, and employee benefit programs. He has been in the benefits industry for more than 20 years. Driven by an entrepreneurial spirit and passion for all things Darwin, his main focus is on the development of new markets and engagement with global clients. He loves meeting with CHROs and reward leaders to support them in staying one step ahead of the rapidly changing benefits landscape.

Recent Posts

Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones

Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support.

3 hours ago

AI Apps: A New Game of Cybersecurity Whac-a-Mole | Grip

AI Apps are launching faster than cybersecurity teams can review. How can you stay ahead of the AI explosion that…

4 hours ago

Over 100 Malicious Packages Target Popular ML PyPi Libraries

The Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the…

4 hours ago

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors…

5 hours ago

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

Singapore, Singapore, March 28th, 2024, CyberwireGoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…

5 hours ago

Checkmarx Aligns With Wiz to Improve Application Security

Checkmarx has integrated its platform for securing application development environments with Wiz's CNAPP.

6 hours ago