
Data Security Best Practices: 5 Ways HR Can Help Prevent a Hack


The Optus hack has been a sharp reminder of the biggest risk facing businesses in today’s digital landscape: data security. 

While the Optus hack grabbed headlines, and rightly so, it’s one of thousands of cyber attacks that happen each and every day. From small-scale text, phone and email scams, to a network of hackers attempting to breach complex security systems, research shows the frequency and sophistication of cyber attacks is on the rise. 

During the 2020/21 financial year, the Australian Cyber Security Centre (ACSC) recorded a 13% increase in cybercrime reports. The amount lost to cybercrime totalled more than $33 billion, though the true figure is likely much higher because many cyber attacks go unreported.

In New Zealand, the statistics are equally alarming. In the 12 months to December 2021, more than half of New Zealand businesses were targeted by ransomware attacks according to research by Aura Information Security.

The collection and storage of personal data is inevitable in certain industries, especially those that require forms of identification or other sensitive data. The Optus hack certainly won’t be the last large-scale cyber attack, so what can HR leaders do to help protect an organisation’s data? 

Data Privacy Best Practices for HR

Introduce cyber security training

HR professionals play a vital role in improving data security because with better education comes better awareness. One of the reasons phishing scams are so successful is that they use social engineering to trick people into believing the communication is legitimate. Whether the hacker includes a colleague’s name or uses an email address that looks real, the goal is to gain the recipient’s trust.

One way to improve the vigilance of your workforce is through a robust learning and development (L&D) program. Remember, cyber security isn’t a ‘one and done’ topic. As cyber attacks become more sophisticated, the training and content must also evolve to make sure employees are aware of the red flags to look out for and how to alert IT to a potential scam.

Cyber security training should cover topics such as phishing attacks, ransomware, password hacks, data breaches, and what is and isn’t personally identifiable information.

Beyond the content, make sure the delivery is engaging and informative. Learners should be asked to apply their new skills to real-life scenarios during the program and tested at the end to ensure their knowledge is up to scratch.

ELMO Learning Management helps organisations to create and implement a range of eLearning courses to suit their business needs, as well as track compliance levels across the organisation. With 400+ pre-built courses available, the solution makes it quick and easy to roll out learning as and when it’s needed.

Implement a data security policy

A data security policy is a must-have document for all employees, but especially your new starters joining the business. It should set out the Dos and Don’ts of data security, including which approved software providers to use, guidelines around sharing documents with external parties, and the importance of keeping your laptop secure.

You may also choose to ban employees from using their personal laptops or devices for work purposes. Personal devices tend to have less malware protection and are not configured to the same security set-up as a work device, opening the organisation to risk. After all, IT professionals can’t be expected to protect a device they don’t know about.

While cyber security is crucial for all organisations, the level of compliance required will vary from industry to industry. Employers should also take steps to ensure all employees have read the policy. HRIS providers such as ELMO can help to streamline the process of distributing and acknowledging workplace policies, providing an easy-to-use dashboard to ensure full compliance.

Secure employees’ home wifi 

Remote working has its challenges and arguably the biggest is the increased risk of cyber attacks. Home wifi set-ups tend to be less secure than those used in the office. Even worse, if an employee uses an open internet hotspot such as a cafe or library, they’ll have little to no protection.

There are a number of ways to protect home wifi, such as changing the default name and passcode, limiting access, and using network encryption and a router firewall. Organisations may supply corporate laptops or PCs for use at home and utilise a virtual private network (VPN). Given the financial risk associated with cyber hacks, it pays to have the right security systems in place.

Keep malware protection up to date

Malicious software (known as malware) can be extremely damaging if organisations don’t have the right safeguards in place. Malware protection, when correctly installed, will keep itself up to date for you.

The ACSC report identified ransomware – a type of malware – as one of the most significant threats to Australian organisations, with a 15% rise in attacks in FY21. Therefore, implementing malware protection should be a priority for all businesses.

HR leaders should be working closely with their IT department to create a robust process for safeguarding and maintaining the technology used by employees. This should include regular reviews and risk assessments to make sure the organisation is taking every action possible to keep its data safe.

Review the safety protocols of your software vendors

Ensuring the cyber security of your business is one thing, but it’s also important to ask the right questions of your software vendors.

It’s wise to have a procurement process in place for the software employees use and to educate them on why this is so important. Without knowing the technology used by staff, IT cannot effectively limit risk. Implementing a procurement process allows the IT or cyber security department to assess the risk and find out what security protocols the provider has in place.

For example, ELMO Software holds an ISO certification to demonstrate our ongoing commitment to the cyber security of customers and staff. Visit the ELMO website for more information on our certification, security statement and our security & vulnerability testing policy.

In the digital world businesses now operate in, hacks are a real and present danger. But thankfully, employers are not powerless. By combining robust security protection with clear policy and ongoing training, HR professionals can help to improve the data security of their business.

ELMO Software is a cloud-based solution that helps thousands of organisations across Australia, New Zealand and the United Kingdom to effectively manage their people, process and pay. ELMO solutions span the entire employee lifecycle from ‘hire to retire’. They can be used together or stand-alone, and are configurable according to an organisation’s unique processes and workflows. Automate and streamline your operations to reduce costs, increase efficiency and bolster productivity. For further information, contact us.