A surprising number of employers and HR managers are not doing enough to protect employee data. In a survey conducted by GetApp, 41 percent of employers admitted they do not train all HR staff on protecting employee data.
Additionally, one third of employers did not have an employee data protection policy in place at all, with some stating they did not have time to draft one. Out of the two thirds of employers with data protection policies, 19 percent stated the policy is not revised quarterly. This data shows that organizations are lacking the necessary policies and training to ensure that employee data is protected.
Forty-four percent of employers cited employee non-compliance as the biggest challenge they face when protecting employee data, although, as stated above, if there is no policy or training, this is a logical result.
A Willis Towers Watson study showed that employee negligence or wrongdoing is responsible for over 60 percent of cyber breaches. According to data provided by Proofpoint, employees in certain industries are more knowledgeable regarding cybersecurity than others. Finance workers scored 80 percent on a cybersecurity test, whereas education and transportation workers received the lowest scores.
The "deskless" and remote working trend should cause HR professionals to take data security more seriously. When employees use personal devices at work, it increases the risk of a data breach. More than half of deskless workers polled by Speakap said they use messaging apps, such as WhatsApp, Facebook Messenger, and Skype, for work without telling HR personnel. If these employees are not properly trained in spotting data breaches, they are putting their data and their employer's data at risk. Valerie Bolden-Barrett "Survey: Most HR managers aren't taking employee data security seriously" hrdive.com (Nov. 18, 2019).
So, the question for our readers is: How serious is your HR about data security?
Please take the poll. Here is an opinion from one of the McCalmon editorial staff members:
Jack McCalmon, Esq.
Uniformity is a foundational element for cybersecurity. So, start with a policy and, in the policy, address personal devices and how they can be used in the workplace. Once policies are in place, select approved online vendors such as meeting software, chat software, and email. Ask employees to use their work email only for work and always for addressing other employees, vendors, and contractors. Follow up with training on malware, phishing, and social engineering. And require employees to change passwords often.
You can answer our poll. Please note any comments provided may be shared with others.