Interviewing prospective hires. Mitigating employee disputes. Analyzing job performances.

When you hear “human resources,” you likely think of some of the traditional responsibilities listed above. However, technology has significantly altered the role HR plays in any organization. This is especially true when it comes to the protection of employees’ personal data.

This article is the first in a new series we’re dedicating to human resources. In the coming weeks, we’ll focus on issues ranging from costs businesses incur when employees have their personal data stolen to actionable steps your company can take to protect itself from cybercriminals.

But first, let’s take a look at why HR should be concerned with the growing threat of identity theft and security breaches.  

Human resources has a responsibility to protect their employees  

Human resources has a dual role in every organization: protect their employees and protect the company. Cybercriminals and identity thieves can severely impact HR’s ability to fulfill either commitment. Let’s break down just a few of the risks they face on a daily basis.

HR data is like gold to identity thieves

Due to local and federal laws, as well as corporate policies, HR departments are often required to collect and store a tremendous amount of data on personnel. This likely includes names, addresses, Social Security numbers, past work experience, and more. If thieves can access your HR records, then they’ve hit the jackpot — making off with the personal data of every employee at your organization.

Many workers have access to HR records

Many members of management often have access to HR records. This makes it much harder to ensure everyone follows proper security protocol. Further, companies usually store sensitive data in the cloud, and workers can access these files away from the office. Unless they receive and follow proper training, employees can put the entire company in peril by accessing this data from insecure networks or engaging in a multitude of other risky behaviors.

Disgruntled employees may take action against a company

In the past, dealing with a disgruntled employee was as simple as making sure they didn’t swipe company property on their way out. But, in our digital age, disgruntled employees can cause far more damage.

A 2016 study found that 27 percent of U.S. office workers at large companies would willingly sell password data to outsiders, and some would do it for as low as $100. Of course, individuals who have a vendetta against an organization are willing to hurt their company without being compensated a penny, regardless of the risks and penalties they might face for doing so.

Identity theft frequently begins in the workplace

Perhaps the most important reason HR representatives should be concerned with protecting their employees’ personal data is because identity theft often originates at a victim’s place of business. In fact, as much as 30 to 50 percent of identity theft begins at the office. While this occurs through a variety of means, one of the most popular is via phishing attacks — emails designed to capture personal data and/or install malware on the victim’s device — that appear as if they’re coming from a co-worker or boss.

In 2016, AlienVault surveyed over 300 security professionals to determine how successful attacks like these are. An astonishing 37 percent of respondents revealed that executives within their organization had fallen victim to targeted phishing scams, like CEO fraud, where an email appears to come directly from their CEO.

HR has the power to protect their employees

The good news is that, despite being enormous targets of cybercriminals, human resources can — and must — play a vital role in protecting their employees’ identities. We’ll get into this in more detail in later blogs, but here are two significant ways HR representatives can achieve this:

Provide thorough and continuous training

Your IT department can only do so much to ensure your network and users are protected. In fact, a recent survey of over 250 hackers revealed that human beings are actually the weakest link in security, beating out both unpatched software and lack of available security products. This is why it’s critical that new and existing employees are thoroughly trained on proper security protocols.

Further, training must be continual. As new threats emerge and technology evolves, you need to relay this information to your team. It’s also a good idea to work with an outside firm to conduct routine security tests.

Offer identity protection as an employee benefit  

One of the best steps your organization can take to protect your employees and your bottom line from cybercriminals is to provide your workers with a comprehensive identity protection service.

With so many plans on the market, selecting the right one for your organization can be tricky. Just make sure the following features, which come standard with InfoArmor’s PrivacyArmor®, are included:

  • Dedicated customer support for your organization

  • Scalable and flexible payment models 

  • Comprehensive product education and a dedicated client relationship advisor 

  • Proactive alerts that notify employees on applications for credit cards, wireless carriers, utility accounts, and non-credit accounts

  • Monitoring of high-risk identity activity such as employee password resets, fund transfers, unauthorized account access, compromised credentials, address changes, and public record alerts

  • Tools to monitor and preserve an employee’s reputation across social networks

  • A dedicated advocate to guide and manage an employee’s full recovery process, restoring credit, identity, accounts, finances, and their sense of security in the event identity theft does occur

  • Identity theft insurance to cover your employee’s lost wages, legal fees, medical records request fees, CPA fees, child care fees, and more

To help you in your quest to protect your company and employees, InfoArmor has created a checklist to help you compare identity protection services. It comes pre-filled with important information you should track from each provider, and you can directly edit the document.

If you have any further questions, or if you think we can assist your organization in protecting its most valuable asset — your employees — please reach out.