Human Capital Data Security in the Age of Cybercrime
<p>There seems to be an ever-growing infiltration of cyber hacking and cyber breaches that make it into the public sphere, appearing in news broadcasts and over multimedia streams on a daily basis. </p> <p>Disturbing headlines referencing data privacy, stolen personal profiles and a variety of misappropriated digital account info piracy involving private credentials seamlessly make their way into our social and public spaces. And while the vast majority of these cyber crimes have taken place in commercial settings like online shopping, financial services, and healthcare institutions, or over social media platforms, the last few years have proven that large-scale data breach scandals can affect the private and corporate sector as well. These instances have exposed well-known human resource management software companies that have experienced data privacy breach issues. </p> <p>It’s no surprise that sophisticated hackers with access have the ability to locate and stripe personally identifiable information through unsecured client portals. Such instances have been noted to take place through client payroll accounts where employees were exposed and accessed without authorization.</p> <figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="1024" height="535" src="" alt="Human Capital Data Security in the Age of Cybercrime" class="wp-image-9932" title="Data Security in the Age of Cybercrime" srcset=" 1024w, 300w, 768w, 1200w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure> <p>87 million exposed accounts in the Facebook Cambridge Analytica scandal; HR professionals now have to constantly be conscious of, and cautious about, the accountability they have to employees to ensure the strictest data privacy.</p> <p>Statistics like these serve as a warning to all sizes of organizations. The HR function needs to regularly review policies and training to help mitigate data security threats. HR should also institute a strategy that automates employee terminations instantly shutting off employee access to the business intranet network and business applications; this should also be implemented when the employee change organizations. HCM providers also need to protect employee/ user data using encryption and multifactor authentication protocols when feasible.</p> <h2>3 Areas of Employee Data Companies Must Protect</h2> <p>1. Personal Identifiable Information (PII) – data that can be used to distinguish or trace an employee’s identity, including, but not limited to, name, date of birth, and even or biometric data.</p> <p>2. Sensitive Personally-Identifying Information (SPII) – insurance numbers, banking information, and contact information i.e. email, home address, phone number.</p> <p>3. Personal Health Information (PHI) – medical data.</p> <p>In order to best protect an organization from experiencing hacks and other cyber-attacks, it is critical that HR professionals are prepared. One vital way that companies can stay prepared and ahead of imminent disasters is by enlisting the services of organizations such as <a href="" target="_blank" rel="noreferrer noopener"></a> a primary source verification (PSV) company that ensure the accuracy of the qualifications of the original source of certain credentials. Taking this initial step towards verification allows companies to verify and back up data in multiple places.</p> <p>HR needs to enforce the real threat that data breaches and privacy hacks pose along with effective and non-disruptive methods of combating these attacks.</p> <p>&#8211; Regularly visit and update data privacy as well as all data breach policies.</p> <p>&#8211; Consult IT and Risk management when developing personal device access policies.</p> <p>&#8211; Perform annual privacy policy and procedural audits.</p> <p>&#8211; Ensure that all relevant employs are held accountable for appropriate handling of private employee data.</p> <p>&#8211; Securing employee data using robust and meaningful methods.</p> <p>&#8211; Disable the ability to store and travel with personally identifiable information.</p> <p>&#8211; Integrate multifactor authentication into employee and manager portals</p> <h2>New Focus for Cyber Criminals</h2> <p>The 2018 (to date) &nbsp;<a href="" target="_blank" rel="noreferrer noopener">Identity Theft Resource Center Breach Stats Report</a> reveals that in the last 13 years, 8,909 breaches were reported, exposing 1,078,783,151 records to cybercriminals. In 2018 alone, from Jan. 1, 2018, to present, more than 12.3 million data records have been affected by 383 separate reported breaches. Of those records, businesses including financial institutions were responsible for 42.6%, healthcare organizations were responsible for 38%, and financial institutions were responsible for 12%.</p>