Is HR data security compromised by mobile HRIS apps?
Guest post by Sandi Krason of HRMS Solutions. Sandi has over 20 years of experience supporting and servicing HR technology needs of mid-market organizations, ranging from product development, support, training, sales and marketing. With a unique perspective into what end users actually need, she has deep insight into the world of HRIS systems.
While working out the ways to enable your employees’ HR needs via mobile, have you been caught up thinking about data risks? If so, here is something to consider:
With all the data security breaches in the news, a discussion about how HR leaders can ensure HR data security is appropriate, even as the propensity for employees to use their own mobile devices for work continues to grow. The debate over security risks posed by mobile devices in the workplace, including laptops, personal smartphones, tablets, and now the newly-defined “phablets” (cell phones large enough to also serve as a tablet), has been raging for a few years now, with IT largely controlling the discussion in most companies. However, as human resource management software (HRMS) providers rush to develop HRIS mobile apps to accommodate a workforce that demands access to the information they need around the clock, HR managers are moving front and center into the discussion.
Because human resource managers are constantly dealing with employees’ personal data (e.g. social security numbers, driver’s license numbers, compensation rates, birth dates, and ethnicity information), these HR leaders are realizing the importance of developing and implementing HR data protection policies and procedures that incorporate the use of mobile devices. Bringing the problem even further into the HR camp is the fact that most data security breaches are caused by a company’s own employees.
Mobile HR solutions on the rise
HR software vendors are focusing on developing mobile technologies first as they build new products and add features to existing systems. This includes offering hundreds of HRIS mobile apps for learning, performance management, scheduling, employee directories, employee and manager self-service, talent acquisition, and even succession management. The good news is that mobile apps from HR system vendors typically have built-in safeguards and are considered “enterprise-ready,” thereby avoiding HR data security concerns.
As industry vendors feed the mobile trend with new technology, IT and HR teams are scrambling to set rules and guidelines that attempt to embrace the benefits of mobile devices while controlling the risks. And according to an article by SHRM online editor/manager Aliah D. Wright, the trend towards employees using their own personal mobile devices for work “is unlikely to lose steam.” Studies cite multiple benefits when arguing that mobile devices should be welcomed as a permanent workplace tool:
- Increased efficiencies
- Increased productivity
- Easier collaboration
- Real-time decision making opportunities
- Increased workforce satisfaction
- Support for the needs of mobile, telecommuting employees
HR leaders are also seeing increased adoption of new programs that can be delivered on mobile devices. The increased adoption is credited to the employee’s comfort level with the device. Even the Federal government is making a huge investment in mobile technologies. According to a study by the Mobile Work Exchange, $1.6 billion has been spent on Federal workforce mobilization. Federal HR managers predict a savings of $15.1 billion just on reduced real estate costs, since a mobile, telecommuting workforce doesn’t require as many office buildings. Hundreds of millions in additional productivity gains are also predicted, as mobile-empowered employees will be able to continue operating even in the face of a “natural or man-made event.” The ability to attract top talent by offering better teleworking options is yet another anticipated benefit.
Mobile data security is a shared responsibility
Despite these growing trends, many employers still place the bulk of the responsibility for device security on the employee, asking them to sign policy documents agreeing to use complex passwords, to avoid public Wi-Fi, and even to have their devices wiped remotely if they are lost or stolen or if the employee leaves the company. But it is important for company executives to take responsibility as well. Here are a few areas on which to focus:
- Employee education and training
- Encryption implementation
- Taking advantage of available mobile-device management products
- Enforcing multi-factor authentication and password cycling
- Providing a set of approved and secure “enterprise-ready” apps
- Limiting the use of employee personal data as identifiers or authenticators
- Limiting employee access to only the systems and data they require to do their job
The last topic is especially important to keep in mind when implementing a new HR system. Be sure to discuss best practices for security role setup and assignments with your software vendor or implementation consultant. A successful HRIS implementation will include an in-depth review of your holistic HR data access requirements and related system security capabilities. Your consultant should be able to help you assess risks while also identifying gaps in employee needs. By reviewing your current offerings and discussing desired improvements with your implementation consultant, you gain a knowledgeable partner to help plan mobile enablement without increasing HR data security risks.