Stuart Gentle Publisher at Onrec

What HR Departments Need to Know About Data Security

As cyber incidents are on the rise, HR departments can no longer afford to ignore this ever-present threat. Keep in mind that HR professionals have access to a wealth of data cyber criminals would love to get their hands on. So what are the takeaways?

BYOD policies are a risk

To stay competitive in the modern employment market, companies are under pressure to make themselves a compelling place to work. As part of this, they may allow their employees to bring their own device to work, otherwise known as a BYOD policy. As convenient as this may be, it introduces a plethora of risks.

For starters, since the company has no direct control over an employee’s device, there’s no way to ensure it meets the minimal cyber security standards. There may not even be an antivirus installed on the device, so handling any kind of sensitive data with it is a cyber security risk by definition.

If your organization insists on having a BYOD policy in place, educating your employees about cyber security essentials will be a must. At the very minimum, they should learn how to use two-factor authentication, how to recognize the signs of phishing, and how to use a VPN.

The importance of secure data storage

HR professionals often need to handle data of a sensitive nature. This includes salary data, benefits plans, and potentially even document scans. If proper storage procedures aren’t followed, hackers can have an easy time stealing it.

You should not only study the local regulatory guidelines to be fully compliant at all times, but also thoroughly screen any third-party service providers that access such data at any point. In the past, there were known cases of HR departments placing sensitive data in the wrong hands; this resulted in astronomical regulatory fines.

Secure data storage may require your HR department to seek guidance from the IT department as many times as necessary. The latter can also advise you on how to properly formulate a disaster recovery plan and how often your employees should change their passwords.

Education is not a one-time event

Speaking of education, you should realize that it’s an ongoing process for employees and management alike. As the cyber threat landscape continues to change over time, so do the counter-measures you need to adopt in your HR department. There are even cyber security courses and certifications aimed at HR professionals, and holding one of these will immediately make you more competitive in the job market.

In the modern dynamic environment, knowing the cyber security essentials goes beyond your in-house IT department. Since quick reaction times can be the difference between saving the day and facing a disaster, on some occasions, even an HR professional needs to step in to put out a proverbial fire before it gets out of hand.

An HR professional needs to know how to remove personally identifiable information from the internet, be familiar with the latest cyber security threats, and know how to protect sensitive data appropriately and in line with the latest industry standards. Ongoing training is recommended.


In summary, the cyber threat landscape is ever-changing and HR professionals need to stay on top of the latest developments. This involves ongoing education, studying the regulatory compliance guidelines, and collaborating with the IT department. Tick all of these boxes, and hackers will have a hard time breaching your defenses and getting their hands on sensitive employee data.