Data security is a priority for every organization. For HR and Payroll teams, protecting employee data is just part of the job description. In our recent webinar, “Managing the Intersection of HR and Information Security,” Eric Cook, SPHR, pointed out that HR handles a wide range of data, including Social Security numbers, bank information, bank routing information, dates of birth, medical records and more.
This is what makes HR and Payroll departments an attractive target for the “bad guys,” especially during year end and tax time. Cyber criminals are always on the lookout for easier targets. Eric explained further that people are the easiest hacks for criminals. “HR has access to a huge trove of protected information often in very easily accessible digital formats,” he says. “So while IT and leadership should all be aware of major vulnerabilities and risks of high level attacks, an organization can make huge gains in digital security by focusing on stemming human-based attacks.”
Let’s look at several common-sense measures that any business can take to strengthen its data security and reduce the risk of a data breach.
Strengthen Login Security
Strong Passwords
Our speaker notes that strong passwords are basically impossible to crack. For this reason, one common-sense security upgrade is to require every user to create a complex password. Most cloud delivery platforms have password strength settings. OnePoint has 4 different levels that you can choose from. The login configuration settings allow Administrators to set password rules, including password length and complexity level.
Other Password Security
There are a number of additional measures that clients can configure to boost data security. User logins can be strengthened with an additional image validation or a security question. There are also options to limit logins to a certain device or to set how many login attempts will force an account lock.
Also consider mandatory password changes. Requiring password updates at a regular interval reduces the chance of outside intrusion. It is important to select a change frequency that strikes a balance between security and burden on the end users.
Two-Factor Authentication
Putting strong passwords in place is common sense, but what happens if a bad guy happens to get the password to an account? Another common security feature is two-factor authentication. Two-factor authentication is a login security feature by which a login action is paired with a verification step. This verification is usually a unique code or PIN that is generated and supplied to the user via a paired mobile device (i.e., a text or email code). This is a very common security practice with online banking and credit sites.
Two-factor authentication, though effective, can be considered cumbersome, and might not be possible for all workers. For example, if an employee doesn’t have a smartphone, this security won’t work for them to access the system. But this is an effective security upgrade to put in place for any user accounts that would have visibility or access to many, if not all, employees’ data. Requiring your HR administrators or Payroll administrators to log in with a two-factor authentication process can limit the chances of a global breach.
Avoid Sending Sensitive Data Via Email
Email servers are notoriously vulnerable to hacking. You might think that emailing a payroll report is the easiest way to get it to the CFO, but it is also an easy way for bad guys to get it too. So what can the HR and payroll departments do to keep sensitive reports out of email? Look for solutions that can schedule reports or can integrate with a secure file system.
Set Up Scheduled Reports
Scheduled reports are a great time saver. Set up a scheduled delivery of routine reports to a user or group that needs to see the report. The report will be delivered via a link, and the recipient will need to log in to access the report. This method keeps sensitive data secure and delivery consistent.
Post Reports to Google Drive
Another powerful integration in OnePoint is our native integration with Google G-Suite. This integration provides a second option for secure communication and data sharing. Your reports can be posted to secure Drive folders in a wide number of formats. Posting directly to Drive gives you control over folder permissions and over who can view the contents, both internally and externally.
Training Employees On The Basics
HR professionals do play a role in data security. Knowing strategies to protect key HR and payroll systems is one part, but do remember that training is an important way to teach employees the basics of electronic data security, especially employees with access to sensitive records or data. Written policies in the handbook that cover passwords, electronic communication, and sensitive data provide guidelines for everyone to do their part in keeping data safe.