With the rise of cloud-based HRIS solutions that enable users to log in from any device, security concerns are on the rise. Allowing access from unknown IP addresses can make systems susceptible to outside hackers, as well as to devious, computer-savvy employees. Information breaches and identity theft occurring from inside company walls are also a concern that must be addressed.
For all companies, the implementation phase is the time when systems are the most susceptible to breaches and other security concerns. Employers should work closely with vendors and managers to ensure that security is maintained throughout implementation phases, and as the system starts being used on a regular basis.
Checking Vendor Security Measures
The security measures a vendor takes to ensure that a company’s data are secure should be understood before the company makes a final HRIS selection. All HRIS vendors take precautions to keep company data safe, but the quality of their security measures may vary.
If no one on the HRIS selection team is a security expert, footing the bill to consult with someone who is qualified may help to ensure that the selected system has adequate security precautions in place.
Limiting Access to Information
During the configuration stage of implementation, employers and managers must be mindful to set up the system so that access to information is limited and controlled.
Employees should only have access to their own personal information. In addition, every change made by an employee using the system must require authorization. Managers should have access limits set based on relevance to their job needs. This way, only the most critical information is accessible.
Educating Employees on Security Protocols
One of the most common causes of internal security breaches is lax internal security protocols. If managers hand out passwords that allow employees to perform certain activities (especially late clock-ins and early clock-outs), it undermines the effectiveness of passwords as a security measure.
To mitigate this issue, employees and managers should be trained to understand the reasons behind security measures as part of implementation training. They should also be held accountable for non-compliance with procedures.
Frequent Password Changes
Most HRIS systems can be configured to require a password change every so often, usually once every 60 days. While managers and employees may express complaints regarding this measure, it can help to provide an extra layer of security as it protects sensitive information from both internal and external threats. It will also aid in keeping employees and managers from using passwords that are easy to guess based on personal information, as employees must be more inventive when creating new passwords.
Having a Disaster Recovery Plan
A proactive approach in keeping HR information safe can mitigate security threats, but it is important to understand that breaches can still occur. Having a disaster recovery plan in place will minimize the amount of time that your system is down and help to re-secure your data faster. There should be clear procedures in place for responding to a data breach so that the right employees know what to do in the event of a breach.
Authored by: Dave Rietsema