Cloud Computing and Human Resources – Implications for Data Security and Privacy

Posted on: November 8, 2018

|

Topics: Cloud Computing, Cloud Technology, Cyber Security, Human Resources Management

Cloud computing has opened many avenues for business, however it brings with it an added risk: data security. This is a particular hazard for human resources data.

Whether sensitive human resources data should be allowed in “the cloud” is a matter of debate for many organizations. On the one hand, cloud HR systems can allow easier access for remote employees, increase efficiency, and save space, but on the other hand it can also open up the business to data security and data privacy concerns.

There are several considerations you may want to take into account when using cloud-based systems for human resources management:

  1. Consider the Type of Cloud Deployment

There are three types of cloud deployments that businesses can use: public, private, and hybrid.

Public clouds are often less expensive but appear to be less secure as they are owned and operated by a third-party cloud service provider.

Private clouds are owned and operated exclusively by one business or organization. This is more expensive, but also can be more locked down as no one outside of your organization has access to your systems. Another option for a private cloud is to “split” the private cloud system with two or three businesses and share the costs.

Hybrid clouds are a mix of private and public. It combines public cloud access for less-sensitive data with private clouds for higher-risk data.

If you are using cloud computing for human resources management, you may want to consider using either a private or hybrid cloud.

  1. Do Due Diligence

When evaluating cloud-based HR software, make sure to evaluate vendors with data security in mind. Work with the IT department to see if it’s safer to use the vendor’s data centre, or to use an in-house solution.

If you can, access logs, tour the vendor’s data centre, and see who has the administrator’s password. Check to make sure that regulatory requirements can be met, too.

Consider what data is being stored in the cloud as well. Talk with your IT department to find out what options exist for the most sensitive information, such as personal employee data, payroll, and more. Create a security strategy based on your needs.

  1. Provide Data Security Training for the Workforce

Some data security threats come through the network, such as cyber hacking, but there are more insidious ways privacy can be breached. One example is spear phishing, where employees inadvertently give out sensitive password information that can compromise data.

A report from Verizon 2016 Data Breach Investigations Report found that 63% of confirmed data breaches involve leveraging weak, default, or stolen passwords. Other common mistakes include sending sensitive information to the wrong person, not disposing of company information correctly, misconfiguration of IT systems, and lost or stolen laptops and mobile devices.

Employees have a role to play in keeping data safe, too, but they must be educated about what that role is. By incorporating data security training into the on-boarding process and regular training protocols, the organization will be that much safer from cyber threats.

  1. Develop Company-Wide Data Security Policies

Some examples include changing passwords on a regular basis, when and where data can be accessed (for example, can employees access the cloud network on a public WiFi signal?), disciplinary action for not following policy, and more.

Another important data privacy policy not to be overlooked is employee off-boarding. A departing employee can cause data leaks, in particular if they are being terminated.

If your company has remote or telecommuting employees, additional data security policies may be required as well.

  1. Emphasize Accountability

Data privacy needs to be ongoing, for both the employer and employees. Make sure that staff know what to do when a security concern is found. You could, for instance, develop a reporting system, or start an internal communication stream where staff can be warned about the latest phishing scam.

Or, host a monthly or weekly discussion about data security and privacy – be it in person, or online in a group chat.

You could also gamify the process, creating rewards. The Huffington Post suggests a contest where a small prize or benefit, like a Friday afternoon off, is given to the top “security sleuth” of the month.

Data security in cloud computing, especially as it pertains to HR, is a complex and ongoing process. It can’t be ignored and involves everyone in the company. Ask the right questions when selecting cloud-based software, evaluate your current data security policies, and have regular training and communication so everyone is up to date.

You don’t have to go it alone. At TGO Consulting, we can help you evaluate cloud solutions you’re considering, review your current security, suggest new policies, and even provide training.

Contact us today to make sure your sensitive data is secure. Call (905) 470 6830 or visit www.tgo.ca.

Discover more about HR management in the digital age with our free eBook, Managing Human Capital in the Social Media World.