Almost two-thirds (63%) of organisations now allow technology to be managed outside of their internal IT department which breeds increased security and privacy risks, new research has revealed.
The 2019 Harvey Nash/KPMG CIO survey revealed that when IT is managed externally, employers are twice as likely to have multiple security areas exposed and more likely to become the victim of large-scale cyber-attacks.
As HR departments deal with lots of documents relating to the personal details, addresses and contact details of employees, the increased likelihood of data breaches is detrimental for HR – for both compliance with data legislation and its reputation.
To ensure that security systems are slick, in many instances HR and IT are encouraged to team up with one another to prevent data breaches from occurring. However, with new research showing that 63% of organisations allow IT to be managed externally, it may be more difficult for the two departments to work together effectively.
What does HR need to know about data security?
Under GDPR, HR must report data breaches to the Information Commissioner’s Office (ICO) if there is a firm belief that a security breach has led to the unauthorised disclosure, or access to, personal data.
If staff have stolen company information, it is important for HR to consider the impact this is going to have on the personal data of employees.
Research from Verizon’s 2019 Data Breach Investigation Report found that 43% of security breaches predominantly involved smaller businesses. Despite this, the research did suggest that scams and targeted hacks towards HR have decreased in comparison with the year before.
What can HR do to educate employees on data breaches?
To prevent data from getting into the wrong hands, HR should ensure that important documents are locked away – whether that is behind an encrypted cybersecurity wall or a physically-sealed filing cabinet – prevention is better than cure.
While employers are increasingly hiring contractors and encouraging flexible working and remote working policies to attract and retain top talent, employees are likely using multiple devices to share internal company documents. So, HR may benefit from delivering training to employees in advance of offering revised working policies.
