Dive Brief:
- The majority of HR professionals don't take employee data protection seriously, according to a new GetApp survey. The results show that 41% of employers don't train all their HR personnel in protecting employee data and just 19% revise their policy quarterly.
- In the poll, more than a third said they are operating without a policy in place to protect employees' data; of the two-thirds of employers with a written policy, 44% said their biggest challenge is employees' noncompliance with their policy; and nearly one-fifth of respondents said they don't have enough time to draft a policy. Also, only 21% of respondents said they're aware of the General Data Protection Regulation (GDPR).
- "This research clearly shows that businesses have a long way to go to ensure that their employee data security policies are up to date," Harshit Srivastava, GetApp's content analyst, said in a media release. "We were surprised by how few businesses actually have a policy in place, and the attitudes of HR professionals toward data security. Data security should be one of the top priorities for businesses in the wake of GDPR and there is clearly still plenty to be done."
Dive Insight:
As the workplace becomes increasingly disparate thanks to remote and "deskless" working, HR may have to pay closer attention to such issues. Slightly more than half of the deskless workers in a Speakap survey from January 2019 said they use messaging apps like WhatsApp, Facebook Messenger and Skype as often as six times a day for work purposes and do so without HR's knowledge. Without training in recognizing and preventing security breaches, employees who use tech tools to communicate on external platforms may put their data and that of their organization at risk. HR, in partnership with IT, can offer training programs and draft policies for lowering the risk of breaches and viruses.
While cybersecurity is becoming a concern of all industries, a study from Proofpoint found that some industries are more savvy about taking precautions than others. For example, on a test measuring cybersecurity knowledge, finance workers answered 80% of the questions correctly, compared to education and transportation workers, who had the lowest test scores. Also, communications employees had high test scores, while employees in facilities and security and customer service knew less about cybersecurity. Employers can use survey results like Proofpoint's to gauge cybersecurity knowledge in their own industries and start taking steps to expand it.
Training to lower the risk of cyber breaches is critical, but employers must make sure they're providing the right kind of training — and that includes instruction focused on employees' role in creating security risks. For instance, a Willis Towers Watson study found that 66% of cyber breaches are caused by workers' negligence or malfeasance. When employers allow employees to use personal devices at work, the risk for breaches escalates. Given these statistics, HR leaders, with IT expertise, should make training staff their first line of defense.