Friday’s cyber-attack, the world’s biggest, promises to create more disruption today as workers return to their desks Monday and power up their computers. The ransomware, called WannaCry, locks down files on an infected computer and demands $300 to restore access. Hundreds of thousands of computers have been affected so far.
According to the Identity Theft Resource Center and CyberScout, hacking/skimming/phishing attacks were the leading cause of data-breach incidents (55.5 percent). The second most common type of breach (9.2 percent) involved accidental email/Internet exposure of information. Employee error was the third most common, at 8.7 percent.
HR departments oversee sensitive employee data, including Personally Identifiable Information (PII) such as Social Security numbers, addresses, and benefits data, as well as compensation and payroll data. Whether your Human Capital Management System (HCM) is cloud-based or on-premises, you’ll want to develop a security strategy.
Your organization should have a policy that limits access to sensitive employee data.
Many times when Dundee Group is upgrading a client to a newer HCM, we find that all users of the old system had administrative rights (full access) to the system. This might include the ability to add additional users or change security groups. It’s important to limit administrative rights to only a select group. Users should only have access to data required to perform their jobs.
It’s human nature to want to make life as simple as possible for ourselves. Don’t assume that your users are creating complex passwords for access to critical employee data. If possible, force users to have complex passwords by imposing password policies. Having to change passwords on a regular basis can mitigate the risk from a compromised password.
Learn more about data security in this white paper from our partner, Infinity Software Solutions.