security
BY FAILING TO ENSURE EMPLOYEES UNDERSTAND AND FOLLOW SECURITY POLICIES,
CANADIAN BUSINESSES ARE PUTTING THEIR ORGANIZATION AND REPUTATIONS
AT RISK BY EXPOSING VALUABLE CUSTOMER, EMPLOYEE AND BUSINESS DATA.
to what is and what isn’t considered confidential. If they make an
error in judgement, the organization can unintentionally be exposed
to serious information security issues and the potential for
fraud. HR professionals in both large and small businesses play a
key role in helping to mitigate this risk. Development and adoption
of strategies and training to help employees understand their
roles and responsibilities for data management are some of the
ways HR professionals can reduce this risk.
HR leaders should also consider training as an ongoing approach
to keep risks top-of-mind among employees and ensure
the information security policies and procedures are being followed.
However, the research shows that there is certainly room
for improvement when it comes to ensuring all employees follow
procedures. For example, approximately half of C-suite executives
and less than half (43 per cent) of SBOs have a protocol for storing
and disposing of confidential paper data that is strictly adhered
to by all employees, and 61 per cent of C-suite executives and only
40 per cent of SBOs have a protocol addressing electronic devices
that is strictly adhered to by all employees.
By failing to ensure employees understand and follow security
policies, Canadian businesses are putting their organization and
reputations at risk by exposing valuable customer, employee and
business data. Regular training and auditing not only mitigates the
risk of data breaches caused by human error or lack of knowledge
of security practices, but also serves as a helpful reminder to employees
to follow policies.
HR professionals should not be discouraged from getting started.
While training and auditing are critical components of every
information security plan and are vital in reducing data breaches,
there are many easy-to-implement best practices HR professionals
can begin using today. HR professionals in large or small businesses
should consider the following three key strategies to help reduce
the risk of data breaches caused by human error:
■■ Shred-it-all policy: Shred-it-all policies require all paper
documents be shredded before being recycled or disposed. The
shred-it-all policy removes any uncertainty around whether
documents are confidential and require shredding. This simple
step is one of the easiest ways to avoid human error, including
mishandling of confidential documents and files. In addition,
all shredded paper is recycled, adding an environmental benefit
to a security solution for businesses. Overall, it leaves little
to be decided around the type of information that should,
and should not be deposited in recycling bins and waste
paper baskets.
■■ Clean desk policy: Unattended workstations pose a risk,
as loose paperwork and a messy desk are easy targets for
information theft. A clean desk policy encourages employees
to clear their desks and lock documents in a filing cabinet or
storage unit when they step away from their workstation for an
extended period and at the end of each workday. This includes
documents, files, notes, business cards and removable digital
media like memory sticks.
■■ Destroying hardware: Canadian C-suite executives and
SBOs surveyed dispose of electronic confidential data by
wiping and degaussing hard-drives in-house. Unfortunately,
this method does not ensure the data stored on the hard drive
is inaccessible and employees can be accidentally exposing
confidential information when old hard-drives are sent to be
recycled, reused or resold. Organizations must require obsolete
hard drives to be physically destroyed before disposal, as it’s
the only way to safeguard the confidential information found
on them.
HR leaders have an important role to play to ensure that information
security training for employees is high on management’s
agenda. When all employees understand how to better manage
and identify information security risks, businesses do a better job
in protecting their customers, their reputation and their people.
Implementing training and education for employees will help better
manage the flow of workplace documents and mitigate the risk
of human error-related fraud. ■
Andrew Lenardon is the global director at Shred-it International.
Lolostock/Shutterstock.com
Solutions that unlock human potential
and improve organizational performance.
We help companies implement Anti-Bullying
programs, train employees, recruit the best
people, and develop leaders.
Service Areas:
• Anti-Bullying
Programs
• Training
• Recruiting
• Coaching
• Assessments
647.925.3585 info@cdnhr.com www.cdnhr.com
46 ❚ SEPTEMBER 2016 ❚ HR PROFESSIONAL