Why Should HR Data Security and Privacy be a Core Initiative?
Technology is no longer the special province of programmers and engineers. Nearly every employee at every company relies on technology to do their job and will do so increasingly. Human Resources (HR) plays a critical role in helping manage and train this fast-changing workforce – especially when it comes to HR data security and privacy.
Whether your employees are in their first jobs, young professionals, seasoned workers, or – most likely – a combination of these, it is important that everyone (not just security professionals) has a basic knowledge of standards of privacy and security and feels responsible for maintaining your organization’s HR data security.
It’s Just Human Nature
You might think that most HR data security breaches are perpetrated by hackers and cybercriminals. These incidents certainly make the headlines. But the evidence suggests much more mundane causes as the root of most data breaches.
According to recent cybersecurity data from Varonis, only 5% of cybersecurity breaches were caused by external cyberattacks, with most data breaches being the result of human error. In fact, a recent article by the Harvard Business Review reported that 67% of participants failed to comply with their job’s cybersecurity policy.
Employee mistakes can even precipitate external cyberattacks. According to RedTeam Security, the majority of HR data security breaches involve mistakes by those who already have access to an organization’s systems. The article reported the following:
- 71% of employees inadvertently caused a data breach
- 68% of employees caused a data breach due to negligence
- 61% of employees caused a data breach due to malicious intent
In other words, the firewalls and protections that keep people out won’t do anything about those people already inside.
As security consultant Steve Stasiukonis wrote: “All the technology and filtering and scanning in the world won’t address human nature. But it remains the single biggest open door to any company’s secrets.”
Let’s dig deeper to better understand what these human errors look like and why HR is uniquely positioned to help an organization address them.
Digital Tools in Human Hands
The nature of work is changing, and driving that change are the digital tools we use to create and collaborate. But technology is only half the equation.
As digital tools multiply, so will the number of people relying on them to do their jobs. Without a well-trained and well-managed workforce, technology can be misused or even abused.
Consider a recent survey of employees’ behaviors conducted by Fusion Connect and Harris Poll. They found that 50% of office workers use their personal devices for work. It’s pretty common in this day and age for workers to respond to work emails or access company documents on their phones while doing everyday tasks, like bringing the mail inside.
The survey also reported that 16% of employees opt to work in public spaces, like coffee shops. If employees are performing work tasks on public networks without a VPN, this can also put your organization’s data at risk.
And it’s not just what employees are doing; it’s also what they aren’t doing. Statistics from LastPass reported that employees reuse passwords an average of 13 times, with employees of small business owners leading the charge. Not creating new passwords on a frequent basis poses a huge risk to companies and heightens the chance of someone hacking into their accounts.
Addressing these kinds of behaviors is not simply a matter of better informing employees. It involves motivating and enabling them to build better habits – that is, creating a culture shift that we call “moving the elephant.”
HR to the Rescue: Protecting Data Security and Privacy
In the world of instructional design and behavior change, we use the analogy of the rider and the elephant to describe two parts of our thought process. The rider represents the conscious, rational part. The rider loves to analyze and plan. The elephant represents the emotional part. It follows its gut.
We would like to imagine that we’re always guided by the rider. But mostly we are led by the elephant. It’s what pushes us to do the wrong thing even when we know what’s right – it’s why we can’t resist clicking on that suspicious link and why we fail to update our passwords regularly.
If HR data security training were just a matter of informing employees about best practices, then IT could prepare a slideshow and be done with it. But data security and privacy training is fundamentally about moving the elephant. To see how, it’s important to understand why employees make the decisions they do.
For example, surveys suggest that many workers see a trade-off between efficiency and data security, and more than likely, they’re choosing efficiency over security. In a recent survey, it was reported that 62% of remote employees don’t follow security protocols as closely as they would if they were in the office.
In other words, more than half of the workforce have a clear preference for convenience over data security and privacy. This preference is an elephant problem, not a rider one.
Fortunately, most organizations have a department that is really, really good at moving the elephant: HR.
At its core, HR is about managing people. It oversees employee training and onboarding, cultivates a positive corporate culture, and redresses employee conduct – which are the issues at the heart of moving the elephant and thus at the heart of good data security and privacy.
HR can help an organization create a work environment that empowers employees to use new technology efficiently while not sacrificing the safety and security of their or your organization’s data. Changing practices, beliefs, and attitudes about data security needs to be a priority for all companies.