What HR pros need to know about data security

  • career advice
  • March 30, 2017
Chief technology officers aren’t the only ones interested in data security. Increasingly, corporate leaders are looking toward human resources (HR) to fill this critical role at the juncture of employee privacy, training and company policy. In fact, HR professionals can greatly grow their value to the employer by focusing on data security in 2017 and beyond.

As data breaches and identity theft of business software continues to increase, HR can find itself in the unexpected role of managing, monitoring and enforcing data privacy. Why? Some 53 percent of all data breaches, malicious or otherwise, came not from external hackers or malicious threats, but from employees and company executives.

Contrary to popular belief, individual contributors (39 percent) and senior leaders (33 percent) were much more likely than contractors (12 percent) and team managers (14 percent) to routinely violate data policies, meaning that this is an issue that HR cannot afford to ignore.

“It’s considered inherent that someone in the HR profession who works with privacy issues is extremely sensitive and careful with personal information,” says Ed Coyle, vice president Randstad Professionals, human resources.

Data breaches

Protecting that information is not just HR’s responsibility, it’s also an opportunity – 70 percent of chief information officers (CIOs) recently surveyed suggested lack of in-house expertise was the biggest challenge to data security and privacy.

Too often, HR professionals only work with IT when there’s been a data breach. That’s a missed opportunity, according to Jason Hite, SPHR, SHRM-SCP, Xcelerate Solution’s vice president of human capital management and a member of the Society of Human Resource Management’s Technology and HR Management Panel. “HR is critical to establishing the employee psychological contract (refers to the unwritten set of expectations of the employment relationship). HR professionals are one of the key groups who have direct interaction with employees and communicate the organizational culture. HR needs to broaden its perspective. Data security isn’t just protecting employee data; it’s about establishing the data security culture and expectations of employee data security behavior.”

Identity theft

Identity theft is the fastest growing crime, and the most breached data in 2016 included social security numbers, mailing addresses, checking accounts and drivers’ licenses. This makes most HR systems of record an obvious target, according to a McAfee Labs report. In fact, HR departments have been the target of recent well-known phishing scams, says Hite, who previously headed up HR for the U.S. House of Representatives.

Between January and March of 2016, more than 55 companies had reportedly been tricked into emailing criminals sensitive payroll data, according to the security blog Cloudmark. HR professionals were duped when they received spoofed or fake email messages from thieves posing as senior company officials.

Criminals obtain W-2s with Social Security numbers, salary data, birthdates, addresses and other personally identifiable information. They then file false federal tax returns and claim refunds from the government.

Opportunities for HR professionals

Data security issues impact HR directly. Data breaches, even when unintentional, can damage an employer’s reputation, making it difficult to recruit and retain the best talent. HR professionals are essential to help communicate how a breach was uncovered, how many people it impacted, how the team overcame the obstacle, what efforts were made to help affected employees and what measures were taken to prevent similar issues from occurring in the future.

So how can HR professionals bolster data security at their organization? The obvious answer is to create and follow policies prohibiting the divulging of employee data when handling payroll data. Awareness and education can prevent fraud among HR professionals and employees at all levels.

“A lot of it is self-education,” said Hite, mentioning that the SHRM certification requires an awareness surrounding technology. “Keep abreast of what’s going on in the information technology field.” There are a number of resources provided by SHRM and the National Initiative for Cybersecurity Education that can assist HR professionals. 

Hite advises HR to create a partnership with IT regarding data security policy and implementation. “Organizations need a strategic HR leader that is actively engaged with peer leaders (CFO, CIO, CISO, etc.). The biggest thing is to have a more dynamic view. HR needs to create consistent employee communications and help determine how [data security] information is communicated. I always made sure I had ongoing conversations with the CIO to see what is going on with data security. Creating a peer relationship is crucial. HR has to evolve.”

Find out the moment opportunities become available by signing up for Randstad's job alerts. Just tell us the kind of position you want, and we'll email you when we find it.