SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Digital optimisation makes HR processes easier - Hyland

Wed, 30th Oct 2019

There are no two ways about it - HR departments generate mountains of data and documents.

While most are digitised these days, nearly half of all HR professionals report that they still rely on paper for at least some of their essential processes.

What's more, a lot of this content creation and collating is still done manually, which is relatively inefficient and leaves it open to human error.

While many aspects of an HR professional's work life are positive – interaction with employees, staff morale initiatives, training and team-building initiatives – few people, if any, really enjoy filling out and filing paperwork.

That said, tasked with managing and protecting personnel records, HR has the huge responsibility of ensuring sensitive information remains secure at all times.

Although we tend to think of data breaches as the work of malicious hackers, carelessness and mishandling of these documents are just as likely to be the culprit.

Although most HR professionals say that technology helps them do their jobs, 47% still depend on paper for key tasks such as compensation processing.

Manual and paper-based processes in HR are not only inefficient, but they also pose a risk to security and compliance.

HR departments in Australia are responsible for letters of induction, leave requests, onboarding staff, direct deposits, policy updates, performance reviews…the list goes on.

Any and all of these areas pose at least some level of risk to employee data, and as such, they pose a security and compliance risk to the organisation.

Tired hands and minds can easily misfile a document, and documents and files might even be given the wrong security access level.

How can these risks be mitigated?

Firstly, it is vitally important to know who is accessing personnel files and why.

One of the biggest concerns about paper files is that there is no record of who is accessing the documents and what they're doing with them.

Even if documents are locked in a filing cabinet, there is simply no guarantee that they remain secure.

If someone accidentally leaves the cabinet open, those files become exposed to theft, tampering and illicit copying, potentially exposing the operation to the threat of legal action.

There is more at stake than the unsafe handling of one individual's personal details; the whole organisation may be placed at risk.

Content management and digitisation have become essential tools for HR professionals, for these very reasons.

Digitising documents saves paper, tightens security and cuts down on the possibility of human error.

Further to this, intelligent capture takes much of the legwork out of physically digitising those documents, essentially making them 'live files' which are able to be tagged and searched as part of an enterprise data pool.

With paper-based records, there is no way to enforce role-based access by users; in other words, no way to ensure that a manager only has access to files for the employees who work directly for him or her.

To minimise risk, access to data should be based on the principle of least privilege, which means users should only have the minimum access required to do their jobs.

Digitising these files allows for logical access control solutions to be employed.

This works in the same way as a physical access control solution, only allowing access to users who present the right credentials at the 'front door'.

This may be in the form of a password, biometric scan, proximity card, mobile phone app, or even Facial Recognition (FR).

Passwords are the least secure method, as they tend to be written down, forgotten, and passed around between employees on demand.

The right content services platform provides visibility into the full history of every user who accesses an employee file, so administrators can see who viewed the document, whether they made edits or amendments, as well as the date and time they accessed it.

Another question to ask is, does the HR department keep records long after they are required?

In the complex world of human resources regulations, how long an organisation hangs onto documents really matters.

GDPR regulations and Australia's Digital Privacy Act, for example, clearly spell out the employee's right to be forgotten, which means that the company needs to have procedures and processes in place for deleting data.

Audits that uncover non-compliance with these rules can come with hefty fines—especially if they are charged per document.

Remember too, that GDPR regulations are not limited to the physical countries in the EU - any organisation collecting, processing, or using the data of EU residents is affected.

Content services solutions can be set to automatically 'end-of-life' a document once it has been held for a set period, which reduces the risk of it being overlooked and significantly reduces the organisational risk involved in holding key personnel information.

Additionally, a robust content services platform provides encryption when data is at rest (not actively being used), in transit (moving between servers within the database), and in use (being accessed by authorised users).

Documents entered into the system are automatically identified and assigned a record type with appropriate time or event-based retention policies, which ensures documents are purged when required, minimising compliance risk and removing the burden of records management from HR staff.

Content services platforms can help an HR department move away from paper files while ensuring the compliance and security of information and processes.

As well as mitigating risky practices, they also allow the organisation to speed up processes and focus on the really important stuff, which in this case is the company's most important asset: its people.
