Page 43 - CCCA 259155 Magazine_Winter 2016
{ HR IMPACT }
TECH-SAVVY HR IS A LEGAL IMPERATIVE
TRAINING HR ON DATA SECURITY IS INCREASINGLY CRITICAL TO MINIMIZE RISK
By Liz Bernier
HR departments certainly spend a great deal of time contemplating legal compliance—how to remain in line with current and evolving legislation, how to balance competing rights, how to communicate and enforce policies effectively. However, in the long list of compliance considerations, “how to be tech savvy” doesn’t generally come to mind.

But technological know-how is no longer solely the purview of the IT department. Most security breaches, in fact, are not an issue of faulty infrastructure or software. They’re simply the result of human beings being human. According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches involve weak, default or stolen passwords.

“Often the reason why criminals were so quick at breaking in was that they already had the key. Social engineering remains worryingly effective,” the report states.

Almost a full third (30%) of phishing messages were opened by professionals—an increase from that same statistic in 2014 (23%). Twelve per cent of those phishing targets then went on to open the malicious link or attachment.

“You might say our findings boil down to one common theme: the human element,” says Bryan Sartin, Executive Director of Global Security Services at Verizon.

Other reported errors related to security breaches included sending sensitive information to the wrong person, improper disposal of company information, and lost or stolen assets such as laptop computers.

There is, of course, the potential risk to the company (trade secrets, corporate security risks) but what really keeps HR up at night is the potential for sensitive information being stolen on an individual level: social insurance numbers, drivers’ license numbers, passport information, dates of birth, home addresses—basically everything that’s needed for identity theft, home invasion and the associated employer liability.

These errors, oversights and gaps could be largely mitigated by an HR department well versed in data security and well trained in handling sensitive information, according to the report.

It’s a fair point—especially when confidential data, trade secrets and personal information are increasingly centralized in digital form. One breach and vast amounts of information could be compromised.

“Employees can be seen as the Achilles’ heel of cyber security,” according to Marc Van Zadelhoff, Vice President of IBM Security. “Mistakes by those with access to a company’s systems are the catalyst for 95% of all incidents. It can be as simple as accidentally clicking on a malicious link or failing to question the authenticity of a phone call or banking website. Even organizations with the most robust, forward-thinking security strategies aren’t immune to one lapse in employee judgment.”

Where does HR come in?

The most important thing HR can do to protect data security—and therefore mitigate risk—is to be proactive rather than reactive, says Meghan Biro, CEO of TalentCulture.

“It’s not enough to rely on your IT departments to make sure staff are educated about data loss and how to prevent it,” she advises. “You must provide training to educate your employees about their roles in keeping data safe. They need to know what the security protocols are, how to develop and use strong passwords, and what to do if they suspect trouble or have misplaced a device that they also use for business.”

Incorporating data security training as well as other digital security training into onboarding is a good place to start, says Biro.

Another key consideration pertains to keeping track of sometimes inconsistent legal requirements around data collection and storage. Companies often keep sensitive information in one global HR system, simply because it is easy. However, legal requirements around collecting and storing sensitive information may differ from jurisdiction to jurisdiction, particularly for companies that are operating internationally.

Employers and HR departments should also reevaluate exactly what and how much data is necessary to collect, experts suggest. If it’s unnecessary, HR can help mitigate risk by refraining from collecting, storing or sharing the data in the first place.

In addition, understanding and using technologies, such as setting up two-step authentication or lock screens, is a simple way for HR professionals to help keep sensitive data as secure as possible.

HR’s role has changed rapidly over the past few decades as the lines between roles continue to blur, and silos and segmentation fade. Far from being simply administrators, HR professionals are now key business partners with the opportunity to work with Legal, IT and beyond to help optimize business practices—and minimize risk. ❚

Liz Bernier is Communications Specialist at the Human Resources Professionals Association and a Canadian business journalist. She can be reached at lbernier@hrpa.ca.
CANADIAN CORPORATE COUNSEL ASSOCIATION | CCCA-ACCJE.ORG 43