If you attended the recent CIPD Festival of Work virtual event on 15th and 17th June, you might have listened to a talk from our very own CEO and Co-Founder, Jason Dowzell, who discussed how HR teams can secure their data whilst working from home.
If you missed it, we’ve highlighted the key points below.
Firstly, a little insight into Jason’s background. Jason is Chief Executive Officer and Co-Founder of Natural HR, which provides cloud-based HR and payroll software that helps HR professionals to better contribute to productivity and growth. He co-founded the now 28-people-strong business alongside his wife in 2010.
The Birmingham-based company has enjoyed year-on-year growth since its establishment. Before Natural HR, Jason’s career spanned some of the world’s most renowned security and information management companies, where he championed cybersecurity best practice in business.
Why is HR data security important when working from home?
Previously, HR teams had to secure sensitive data from the office, which is an easier task to accomplish. However, the pandemic changed everything. The number of homeworkers increased dramatically overnight, those employees are now relying on their home networks, and previous office security procedures are not as easily enforced. As a result, the risk of data breaches has increased exponentially.
What happens if I fail to secure my HR data?
There are a number of reasons why you should always protect your sensitive data, such as:
- protecting the availability and integrity of your employees’ personal data
- maintaining your and your company’s reputation
- complying with data protection laws
If you fail to abide by data-protection laws such as GDPR, your company could be fined up to €20m or 4% of global turnover in the worst-case scenario. But, more importantly, in severe cases where ongoing negligence and total disregard for sensitive data occur, you could even lose your job or go to prison.
So, what ways are there that data breaches can occur?
Phishing is when someone tries to get you to follow a link and provide your information, such as a password or account number, to the sender.
How to protect yourself from phishing attacks:
- Don’t click on any links or open attachments from unknown senders, and even if a message is from a known sender, use caution!
- Only ever communicate personal data via the phone or secure sites, never over email, and even then stay vigilant about your surroundings.
- Never give out your PIN or password when an email asks for it, as banks etc. will never ask for this information.
Even today, passwords remain the primary method of proving your identity, especially on web-based systems such as eBay, Netflix or Amazon.
How to protect yourself from password attacks:
- Make your password at least three words long – the longer it is, the stronger it will be.
- Use a mix of uppercase, lowercase, numbers and symbols to make it harder to crack.
- Never write it down or share it.
- Consider using a password manager like LastPass or 1Password.
- Never use the same password on multiple sites because every site that uses the same password will be vulnerable if one has a data breach.
‘Well-meaning insiders’
‘Well-meaning insider’ is a term used to describe an individual who thinks they are helping a customer, colleague or partner out, but who unknowingly shares sensitive data in the process.
How to protect yourself from well-meaning insiders:
- Only ever use tech approved by your company, such as file-sharing sites like Dropbox, WeTransfer or Google Drive.
- Don’t mix personal and business data; make sure the organisation’s data is stored in a separate location.
- Always follow your company’s policies.
- Consider confidentiality when holding conversations or sharing your screen.
- Take care with printouts and unlocked devices – always lock them away when not in use.
- Be extra vigilant about opening web links and email attachments.
Procedures aren’t adhered to
The fourth way data breaches can occur is when employees don’t follow the processes set out, which is even more prevalent now that we have more home workers. If employees don’t know what your processes are, the chances are that data breaches will go unnoticed, be slow to be actioned or occur more often.
How to protect yourself from employees not following processes:
- Ensure employees know what to do and have an internal ‘champion’ that they can approach with questions.
- Run a security workshop for new hires.
- Set up ongoing, regular data security training for all employees.
- Create a simple, visual incident response process that is easy to remember and widely accessible.
- Consider setting up a security mailbox to which all questions or potential threats are forwarded.
Simple precautions you can take to secure HR data from home
To summarise, there are a number of tasks you and your employees can undertake to secure HR data while working from home.
- Update your PC and any other devices regularly.
- Don’t uninstall security software and, if available, only connect to company files using VPN.
- Use Multi-Factor Authentication (2FA/MFA), if possible.
- Back up data, especially with the rise in ransomware, and make sure you do this in accordance with company policies.
- Don’t leave sensitive data on your desk or leave your PC unlocked when not in use.
- File data securely and shred it if necessary.
- Change your home Wi-Fi admin password.
- Create stronger passwords by using multiple words, differing characters, symbols and numbers.
- Don’t use the same password on multiple sites.
The most important precaution you can take concerns your password. If there’s just one thing you take from this article, it should be to create a strong password and not use it across multiple sites.