Information Security: 9 Ways HR Can Lead the Charge
Some people still think that data protection is the sole domain of the IT department.
But human resources (HR) has a lot to say about security too.
HR plays a critical role in ensuring that employees understand and comply with security policies and procedures.
One of the best strategies is to implement a culture of security dedicated to protecting all physical and digital confidential information from creation through to destruction.
Here’s how HR can help lead the charge when it comes to information security.
- Introduce new employees to information security. At the frontline, data security should be incorporated into orientation and other staffing processes. New employees should be vetted (background checks), and some organizations are asking them to sign an acknowledgement that they have read and understood security policies and procedures.
- Create a security awareness committee. To encourage active participation in security, appoint employees from a range of departments to participate in a committee focused on improving information security practices.
- Liaise with leadership on security issues. HR must be part of security discussions and encourage active participation in information security by the C-Suite. When management shows a commitment, employees are more likely to follow suit.
- Oversee education. All employees should receive on-going education that stresses the importance of information security, and teaches best practices on the job – for example, use strong passwords, identify and ignore phishing emails, and protect mobile devices in and out of the workplace.
- Communicate security in other ways.Provide practical tips and reminders in other ways including workplace posters, corporate newsletters, and e-mail alerts. Regularly review and update policies so they reflect continuously changing legislation and threats.
- Deal with violations. Of 874 data breach incidents reported in the 2016 Cost of Data Breach Study by Ponemon, 568 were caused by employee or contractor negligence. Make sure employees are properly trained. The HR department will be responsible for disciplinary repercussions too.
- Red-flag unhappy employees. The Ponemon study showed that 191 of the 874 reported data breaches were caused by malicious employees and criminals. HR should integrate a process to identify early warning signs that an employee could be disloyal. For example, there are IT systems that identify unusual work patterns. It’s also important to provide an anonymous tips line.
- Protect information during dismissals and other employment changes. Over one-third of respondents in the 2017 Dell End-User Security Survey said that it’s common to take company information after leaving a firm. HR should oversee that online accounts of fired or ex employees are immediately closed. Even when employees change jobs within the company, there should be a process for revoking or changing access to information.
- Help create secure work habits by embedding security procedures. Implement a Clean Desk Policy, and outsource document destruction. A trustworthy document destruction company will provide locked consoles for paper documents that need to be shredded and provide secure shredding services. Hard drive and e-media destruction should also be regularly scheduled.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.