Technology is a wonderful thing. But many digital advances increase the potential for hacking or human error. So how can you ensure your employee data stays safe?
In April 2018 the British Government’s own Cyber Security Breaches Survey revealed that 19% of charities and 43% of businesses had reported cyber security breaches or attempts in the previous 12 months. That rose dramatically among larger businesses to 72%. The average financial impact was an estimated £3,100.
Not only does every successful attack potentially expose the victim to heavy fines, but negative publicity also makes customers wary of dealing with that organisation again: just think of British Airways, or any of the other major names who have had significant security breaches in the past year. It’s not only customers who get concerned: employees would share the same concerns should their personal data be compromised.
As more and more companies move away from using their own data storage facilities to cloud-based solutions from third parties, knowing how secure your data is and just how it’s managed becomes even more critical. Add to this the growth in mobile technology, and apps which allow employees to manage everything from their holiday entitlement to updating their own personal data, and you have a veritable minefield of possible security issues.
Steps for HR departments to consider when assessing data security
Technology isn’t going to go away – and indeed the range of applications is more likely to increase than decrease. So how do you make sure your employee data is as secure as it can possibly be? Here are a few steps HR departments should consider when assessing a potential vendor’s data security.
Ask when they last tested their systems by running an ethical hacking exercise. Have they ever had any real incidents? What were they and how did they deal with them?
Be a little sceptical of anyone who says it’s never happened. As the Government figures show, a large number of organisations have suffered attempted hacks or security breaches. What you need to find out is how they handled these. What actions did they take at the time, and what did they learn from the incident to make sure it was less likely to happen again?
What would happen if one of your employees misplaced a laptop or a work or personal mobile? Are your hard drives or mobiles encrypted, and could important data on those devices be remotely erased?
Also examine your cyber security training. The Cyber Security Breaches Survey shows that despite the downsides of a hack, only 20% of businesses and 15% of charities invest in such training. Further, only 27% and 21% respectively have any kind of cyber security policies in place. Given a further study which suggests that up to 88% of data losses are down to human error, both these omissions start to look short-sighted.