HR possesses some of a company’s most valuable data, including employees’ Social Security numbers and other personal information that a company must work to protect. Though some may believe HR professionals are mainly responsible for carrying out personnel decisions and benefits management, HR staff can and must help protect their organization from cybersecurity attacks.
HR staff can make many contributions to help fortify their organization’s data security program and help keep the company resilient against attacks. Some of these include working on employee training and identifying sensitive HR records.
Here’s how HR professionals can help bolster data security efforts.
Help establish and communicate security policies
HR professionals should serve on the organization’s IT and security governance committee and help create security rules.
HR staff should then communicate their organization’s acceptable usage policy and confidentiality and nondisclosure requirements to employees. These may exist in standalone documents or as part of an employee handbook.
Organize security training
HR staff should ensure that all employees receive the necessary corporate training, which includes expectations around computer and internet usage. HR staff should also consider implementing periodic tests to ensure that security stays top of mind for employees.
Work on data standards
HR staff should work with technical professionals and legal staff to establish company data classification and retention standards, as well as policies that meet state and federal legal requirements. They should also collaborate with tech professionals and legal staff to decide on wording for vendor, business partner and customer contracts.
In addition, HR should work with technical professionals to ensure they are properly destroying employee records in accordance with corporate policies around data retention.
Identify sensitive HR records
HR staff should work with technical professionals to discover sensitive HR records across the local network and in the cloud to help ensure those data assets are properly protected. They should also evaluate existing and emerging compliance requirements…