4 Tips To Help HR Personnel Avoid IT Risks
Human resources staff have some unique concerns regarding the confidential applicant, employee, and former employee information. Also, the potential negative PR from a security breach is concerning. Everything from salary information to social security numbers to home addresses is all on file with the HR team. Accordingly, extra care must be taken to reduce IT risks.
Here are 4 tips for HR personnel to avoid the worst risks.
Security Scans for Malware, Viruses, etc.
All HR systems must be protected from malware, spyware, adware, ransomware, and any other unfriendly software threats.
These can look innocent enough, arriving as a USB flash drive to the HR department or via an email attachment with a resume, background information, or industry research from a source. And yet the damage it can do just by opening a single file is terrifying.
Companies must take proactive measures against malware using best practices to limit exposure to the worst risks and minimizing potential troubles elsewhere.
While not all concerns can be fully addressed, being proactive (rather than reactive after the fact) is the best defense of all.
Create Secondary Protection for Personnel Files
When personnel files are kept on a computer, then the company has a duty of care for the information they hold.
While regular files may only need to be password protected via the login on the employee’s user account, greater protections are required to safeguard past and current employees’ details.
It’s recommended you encrypt the hard drives at system level to protect against them being stolen and the information accessed directly from the database(s) or spreadsheets.
Also, secondary passwords, fingerprint scans, or other security measures should be used as additional authorization to access personnel files beyond being the right active user on the PC itself.
Be Wary of Laptops Taken Off-site
While HR personnel may meet recruitment consultants at their agency’s HQ or meet other contacts in pursuit of the best personnel, taking company laptops off-site is problematic.
It has often happened that an employee will mislay it, leave it on a train, or unlocked and accessible. Just having the laptop outside of the office (other than in the worker’s home if they’re working remotely) creates fresh concerns for IT security.
Even with password protection, with a stolen laptop, skilled people can still brute force access in various ways by exploiting vulnerabilities at software or hardware level.
Take Care with External Internet Access
Employees need to be mindful about how they access the internet using work PCs and smartphones outside the premises.
Using a 4G connection from their phone and a virtual private network (VPN) is the safest route (other than waiting until they’re back at work or home on a fiberoptic connection).
Accessing public Wi-Fi is a no-no, even when using a VPN because it can cut out unexpectedly yet not always disconnect the internet connection at the same time. Also, connecting to the Wi-Fi network of the company that HR staff is visiting isn’t much better either. Their IT security could be subpar too.
Unfortunately, being paranoid is necessary to protect confidential HR information. Even job applicants visiting for an interview shouldn’t be left alone with an unlocked laptop in an interview room. Data security must be maintained at all times to keep it safe from prying eyes.
