HR and Security:

On June 15, 2016, in HRExaminer, by John Sumser

photo of forboding grey office tower with sky in background in HRExaminer.com article by John Sumser titled HR and Security on June 15, 2016

“It’s hard to believe that there isn’t a relationship between low engagement and the chance that an employee would sell their password. This means that the security question is really human and not technical at all.” – John Sumser

HR practice varies by region, industry, size and business model. In many sectors, it has a sort of policing function. Whether it’s aggressive drug testing, serious safety procedures, background checking, or, clearances, HR has its finger in the security pie in many settings. It is often HR’s job to do background and reference checks as a way of mitigating risk.

The relationship between HR and security is non-trivial.

Recent news-y bits got me to thinking about the problem in a different way.

Here are a couple of interesting facts:

It’s hard to believe that there isn’t a relationship between low engagement and the chance that an employee would sell their password. This means that engagement is really a security issue. This means that the security question is really human and not technical at all.

At the same time, security people have been quietly talking about the real security problems in the cloud. They are between apps (and in the data transfer process), not within apps. Individual applications can be designed to have real security integrity…. Right up to the point that you have to open them up for a data transfer from somewhere else. It’s rarely the case that data import/export functions are the center of deep security technology. A ton of smart security folks are worried about the massive vulnerabilities associated with inter-app data. It’s a kind of hacking that can be automated.

Users demand ease of use which is often delivered at the expense of security. Unhappy workers may be likely to be sloppier in their attention to detail and security protocol. The systemic risks multiply, largely because they haven’t really been considered.

Predictive analytics, built on data like engagement scores, are emerging all over the place. We’re predicting fit, retention, temperament, development capacity, performance and potential. And that’s just for starters.

It’s pretty easy to see how those same variables can be assembled to predict security risk. Of course we will do that.

The next aspect of the HR-Security relationship is PII (Personally identifiable information (PII), or Sensitive Personal Information (SPI), is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.) There is a lot we don’t know about how data actually works of you mash it together.

It is reasonably clear that you can create PII unintentionally by marrying two pieces of data that are not PII. It’s likely that algorithms will be doing just that. In other words, your automated processes may be creating PII without your knowledge. Since that’s hard to imagine, security is going to be light.

What this means is that, if you’ve read this far, you should learn as much as you can about security and privacy. They are about to become the central issues in HR.

 

 
Page 1 of 11
Read previous post:
HRExaminer Radio
HRExaminer Radio: Episode #167: Mark Barlow

Mark Barlow is the Founder and CEO of AppLearn, Ltd., a new solution for HR software adoption. AppLearn’s thinking and...

Close