Vantage Senior Consultant Joanna Grama recently gave a presentation titled “Critically Important Cybersecurity and Data Protection Strategies for HR Pros” at the annual conference of the College and University Professional Association for Human Resources (CUPA-HR). The following excerpts from her presentation show why cybersecurity and data protection are so important for HR professionals on college campuses today.
Data is the Target
The famous US bank robber Willie Sutton said he robbed banks because “that’s where the money is.” Today, data is money, and higher education institutions have a lot of data, including:
- Personally identifiable information (PII)
- Financial information
- Health information
- Confidential information that, if released, could cause personal embarrassment
- User credentials and passwords
- Proprietary information and trade secrets
- Research data
- Information about how networks and IT resources work
HR professionals deal in some of the most sensitive and critical data on this list: PII, financial and health information (for hiring and benefits administration), and potentially embarrassing confidential information. By virtue of holding such sensitive data, HR professionals have a vested interest in making sure that data is properly protected.
Key Cybersecurity Questions that HR Professionals Should Be Able to Answer
Cybersecurity is a rapidly evolving discipline, but HR professionals need to have a basic understanding of the threats and risks they are up against in terms of protecting the data entrusted to them. Specifically, HR pros should be able to answer (or know how to get the answer to) the following questions:
- What and where is my HR data?
- Where is any PII located?
- How sensitive is my HR data according to my institution’s data classification policy?
- What are the legal and contractual obligations for protecting my HR data?
- Who is responsible for securing my HR data?
- Who has access to my HR data?
- What do I do when I travel?
- What do I do if I think someone has accessed my data improperly?
Institutional data governance and handling policies are among the most important institutional policies for HR professionals to be aware of. These types of policies help all institutional employees, including those in HR departments, understand the best ways to protect institutional data during its entire lifecycle—from the creation of data to its archival and eventual destruction.
7 Cybersecurity Tips for HR Professionals
Joanna wrapped up her presentation with 7 cybersecurity tips for HR professionals:
- Know your institution’s data handling policies, and follow them
- Meet regularly with the CISO, ISO and/or IT network director and build these relationships before you need them
- Make legal counsel (if available to you) your friend for the same reasons
- Know where your data is stored and who has access to it
- Consider encrypting your critical data
- Never let your mobile devices leave your person unless they are secured
- Know your organization’s incident response procedure and make sure you know how to access it quickly