Your HR department has access to a lot of sensitive personal information, including social security numbers, birth dates, and addresses. Allowing that data to get into the wrong hands would be a serious breach of trust with your employees and candidates, and could have disastrous effects. For example, a hacker could use personal information to open credit cards under your employees’ names, ruin their credit scores, and impact their ability to find housing. It’s crucial that you put the right safeguards in place to maintain your HR data security.
1. Partner with your IT and legal teams
Your IT and legal teams can be tremendous resources as you plan for, and implement, HR data security measures. Sync up regularly to ensure that nothing is being overlooked, and to discuss necessary changes. For instance, let them know when you plan to evaluate or implement new software, so they can review its data security, raise any concerns, and suggest updates to internal security measures.
2. Enable appropriate permissions
Give people on your team access to what they need within your HR platforms, and no more. For example, you might allow managers to see salary information, but not social security numbers, for their direct reports. This ensures that the most sensitive personal information has limited exposure.
3. Stay on top of employee offboarding
People on your team are bound to leave—but they shouldn’t be able to take confidential HR data with them. Make sure you deprovision their access to your systems in a timely manner so they can no longer log in after they’ve left. Also be sure to reassign permissions to others on your team as needed. For instance, if a Super Admin leaves, you will want to ensure that someone else can take over that role.
4. Never share logins
It can be tempting to reduce costs by sharing licenses, but that can put your HR data at risk. Alongside enabling permissions and deprovisioning accounts for departing employees, it’s crucial that team members do not share logins. If an employee leaves the company but has been using another employee’s login, they may be able to continue using it indefinitely.
Also beware of sharing logins for systems that don’t contain sensitive information, as the login information may enable someone to get into another platform with more sensitive information.
5. Use strong passwords
Reduce the risk of a data breach by reminding employees to create strong, complex passwords with uppercase and lowercase letters, numbers, and symbols. Passwords should not be reused between platforms and should be changed frequently. Single sign-on (SSO) or a password manager can help maintain good password hygiene.
6. Encrypt sensitive information
Many of the leading HR technology vendors encrypt sensitive information to safeguard it, so make sure that’s the case with your partners.
It’s also important not to forget about spreadsheets. Most HR professionals are Excel power users, and may export data for a variety of reasons. Those spreadsheets often contain personal information, so it’s important to remember to encrypt them as needed.
7. Be vigilant about HR software certifications and compliance
Not all HR solutions are created equal when it comes to HR data security and privacy. Safeguard your employee and candidate data by ensuring that your technology partners use a shared security model (like SOC-2) to ensure industry-standard controls. Technology vendors should also undergo regular penetration testing and security reviews, and encrypt your HR data for maximum security and privacy.
8. Require regular data security training
Data breaches are often due to mistakes by someone on your team. For instance, someone might fall victim to a phishing scheme in which a hacker poses as a technology vendor to steal your password.
Everyone who will have access to HR data should receive data security training during the employee onboarding process so they understand the importance and the requirements of good data security. Refresher trainings—especially when anything changes—should be done regularly to help ensure that best practices are being followed.
Final thoughts on HR data security
Your company has a responsibility to employees and candidates to adequately protect sensitive personal information. It’s crucial that your entire team take this very seriously, and that you work with other departments and managers to ensure sensitive information is kept confidential and safe. This is important for maintaining employee and candidate trust—and protecting your company’s reputation.