There is a common misconception about IT security that the weakest link is the firewall, server or any other technical component of an organisation’s security infrastructure. The belief is that hackers are always one step ahead, leaving the IT team to play catch-up.
In reality, the human factor is the real weak link in data security, as users go about their day-to-day business handling data of all kinds, including confidential information and corporate IP. Hackers focus on people to get inside networks and access such sensitive data using phishing attacks, social engineering and malicious emails.
Hackers also target the way that third-party applications, such as collaboration tools, are used. Login information, passwords and the scope of data available on the tool are all potential security issues that can be easily managed with greater awareness and “buy-in” from users.
This is where HR can step in and be at the forefront of changing security culture. Data protection and security training are the most critical components of maintaining data security. It’s more than just delivering facts and information: the key to IT security is ensuring that every worker takes ownership of it. It’s about having the right conversations.
People need to understand why passwords need to be varied and complex, why they need to be changed regularly and why extra security is required when using network and third-party tools, particularly when accessing them remotely.
The goal is to have each user take ownership of their data security. That’s where Layer 8 comes in.
Are you keeping your data compliant?
Keeping your data safe from phishing or cyber attacks should be a key focus for every user, particularly for HR, due to the sensitive data the department stores.
If users are storing personal data on a third-party collaboration tool, it is important to be aware of local legislation (multinational operations will have to navigate potentially conflicting data laws).
A good example of a compliance regulation that may be relevant to HR teams is the US Health Insurance Portability and Accountability Act (HIPAA), which requires native encryption on any device that holds data relating to health insurance.