HR and cybersecurity in companies
SHARE THE ARTICLE ON
Managing employee data has become increasingly sensitive since the increase in cyberattacks. HR must remain vigilant and the IT security of HR information systems must be strengthened.
Cyber attacks have increased dramatically over the last few years; just five years ago there were hardly any at all. Private and public organizations are becoming aware of the importance of cybersecurity at the highest level and companies are investing heavily to prevent hacking. The analyst firm Gartner predicts that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member.*
Outsourcing and cybercrime expertise
Hackers can endanger the security of computer systems or illegally retrieve confidential data. They can also have malicious intent and try to damage a company’s reputation by spreading illicit content. HR is particularly affected because it has sensitive employee information (data on their home, health, degrees obtained, salary, etc.). HR information systems are interconnected and often managed by third parties.
Prevention, detection and backup
In all calls for tender, companies now require that the service provider recruit people specializing in cybercrime who can ensure the security of sensitive data. The detection of cyber-attacks should be a priority and preventive technical security measures need to be set up on the infrastructures and responses implemented in case of an incident. Artificial intelligence helps us detect attacks.
In 2013, Sopra HR was the first to obtain approval from the European data protection authorities for its Binding Corporate Rules (BCR). BCRs guarantee the protection of personal data processed by all Group subsidiaries for all their activities, including those carried out on behalf of customers. An overall reinforcement in the security of information systems has recently led most of the major HR and Payroll service providers to comply with ISO 27001 certification, issued by AFNOR, for cloud-hosted services.
Even large IT companies can be the target of an IT attack. These threats require the effective implementation of prevention and detection measures, as well as appropriate backup management policies for potentially affected HR data.
The race for talent
The demand for people with experience in cyber-security is at an all-time high. Hack groups are also offering 'job offers'. The security of companies is at stake, especially small companies that cannot afford to hire such specialists. The European Union is currently working on the NIS2 (Network Information Security) standard, which will force companies to further strengthen their cyber security... Already, HR has had to take the GDPR into account when handling employee data and has begun to invest in employee training and preparation. Cybersecurity regulations will become increasingly strict.
Remote work and IT security
Security is increasingly becoming a necessity with the development of remote working and mobility. HR information systems require the deployment of tools on employees' home workstations to ensure security. Employees' personal devices (mobiles, computers) can also be used to consult professional emails remotely, but not to connect to the company's platforms.
Cybersecurity therefore concerns HR, and not just IT. Platforms used to process employee data need to be made secure and employees need to be made aware of the risks and implement the available tools as well as preventive actions with respect to their data and emails.