The rapid advancements in the technology and communication have ushered in a digital age that is enabling businesses to revolutionize how they function, enhancing their product/ service to meet the needs of the customers, transform employee experiences and so on. One of the main enabling factors is the voluminous data that is allowing businesses to engage in analytics and derive deep, actionable insights.
Data in the digital era
As technology and digital communication continue to cement and augment their place strongly in our lives, our lives are becoming digitized and increasingly transpiring online. This has led to us to continuously generate larger volumes of data every second. It is predicted that by 2020 each individual across the globe will generate around 1.7 MB of data per second!
We leave everything from personal information to financial data to medical information and even sentiments and opinions in our online and digital journey. Tracing the digital footsteps of individuals reveals so much valuable information and insights to businesses.
With technological advancements in the form of analytics, AI, Machine Learning, etc. allowing us to utilize such data to accomplish so much, data has come to be known as the new oil and a treasure trove that (as mentioned earlier) can revolutionize businesses and our lives.
So, if data is so critical and if it is the new oil, then cybercriminals and crime syndicates will get attracted to places where there is data, be it about customers, employees or the business/organization itself. It should not be surprising that they are leveraging the latest technological tools to get access to that data.
Using these data, they are orchestrating financial frauds, online scams and identity thefts, extracting ransoms, defacing companies, government organizations and nation states websites or threatening them and so on. There has also been a proliferation of fake news and online trickery as the incentives and opportunity for the same are increasing consistently.
The past decade itself has seen some major data breaches and cyber-attacks on big players such as Facebook, Yahoo, Exactis, e-Bay, Equifax, etc. and in the MEA region, high-profile oil and gas companies like Saudi Aramco of Saudi Arabia, RasGas of Qatar, etc. faced big data breaches a major part of their computer networks. These high-profile organizations not only faced heavy financial losses but have also losses or at least a decrease in brand image, value, loyalty and reputation and loss of customers. These mega breaches stand testimony to the need for heightened cybersecurity practices and a strong organizational culture that takes cybersecurity seriously.
Role and Responsibility of HR in this digital age
You may be wondering what role the HR could possibly play with respect to cybersecurity or data protection or even fake news and online scams. Isn’t that the responsibility of the IT team or the cybersecurity professionals or at max PR? No, all of these issues cannot be solved by one department in isolation or working in silo. It is the joint responsibility of every employee and every department of the organization. So, HR which works closely with employees across the organization is in an excellent position to help the organization strengthen a culture of trust, truthfulness, safety, security and privacy within the organization and with all its stakeholders.
The other reason why HR plays a central role in privacy, data protection and security is that HR is typically a domain that generates, collects and maintains voluminous data of employees, present and past as well as aspirants. HR departments across the spectrum are engaging in HR analytics for insights that will help elevate employee engagement and experience, they are adopting new technologies and leveraging the latest tools to collect, collate, store and use such data and so on.
Let us explore what kind of role HR can play in each of these issues/ areas.
Privacy and data protection
With regulations such as the GDPR in EU, there is greater stress upon organizations to ensure that data protection measures are put in place and that the privacy and security of their employees are stringently upheld. These regulations stress upon the need for HR to ensure full disclosure and awareness to employees about how and why their personal data will be used and accordingly, take their consent for using the same. Such an explicit opt-in ensures transparency with employees by keeping in the loop about what data is being collected and how it is being used.
The privacy and data protection regulations require the HR/business to take new permissions if the purpose of the use is changed. These also strictly mandate companies to report to the individual employees and supervisory authorities about the theft of employees’ data or breaches/ attacks that affect their personal data in any manner.
The HR department must collect and maintain consent records. They must put in place measures to delete the employee data in case they withdraw consent and its impact on the processes in place as these directly impact the data-driven or data-enabled HR strategy and processes.
In the face of the increasing data breaches, privacy invasions, etc. in the recent times, the company’s commitment towards upholding employees’ right to privacy, maintaining transparency in how their personal data is used and strong data protection measures have become important elements of employee experience, trust and commitment towards work. Since HR departments must ensure frictionless and enhanced employee experience, they must take GDPR and other such regulations seriously and act upon these.
MEA region’s countries are be high up on the list of targets of cybercriminals. For instance, UAE faced 2.4 million of the 1.7 billion ransomware attacks across the globe. The reason for MEA countries being targeted continuously are that a large proportion of the companies here rely on advanced technologies and still continue to use password-only authentication mechanisms instead of advanced security solutions available today.
While IT and cybersecurity departments can ensure that the latest and most effective firewalls and security infrastructure is put in place, these measures cannot achieve strong cybersecurity in isolation. The employees are integral parts of the process. How?
Right from setting a strong password and routinely changing it to not clicking on spam/ malicious links to not using unapproved apps (personal or professional) to reporting errors and anomalies, employees have a definitive role in each of these. They need to understand, abide by and incorporate the needs of a strong culture of cybersecurity in their everyday. To this end, they must be trained continuously and effectively. The HR department must incorporate such training and awareness workshops with the domain-based and work-related training. They can include gamification, activity-based sessions and so on to educate employees about the dos and don’ts of cybersecurity.
The HR department must work closely with the IT and security teams to understand what kind of training is required and how frequently based on the risk assessments of these other teams.
Fake news, online scams, spoofing and other forms of trickery
Is fake news something that HR or the company must worry about? Yes. Whether on not your organization relies on web-based research, news and knowledge current trends to carry out its business or make critical business decisions, you must be concerned about fake news and allay these for good. Putting out information/ content based on fake news is as detrimental as employees making personal decisions based on fake news (that ultimately affects them professionally). For instance, if an employee compromises on healthcare decisions based on fake news, their productivity will be severely affected.
As mentioned earlier, if employees do not understand the implications of clicking on spammy click baits, spoofing to extract data, online scams and other forms of trickery, they will continue to engage in activities that increase the cybersecurity risks facing the organization. So, they must be continuously educated about best practices and how best to avoid such online trickery for their own and organizational security and safety. The HR department must take responsibility for the same.
To delve deeper into the HR’s role and responsibility in maintaining trust and transparency in the digital age, join us at the session.