Why every HR team needs stronger communication security…now

A staggering 91% of data breaches occur at the communication layer – with email being the primary source.

While some breaches are caused by phishing attacks, many information leaks result from well-intentioned employees making accidental mistakes.

Unfortunately, breaches often are not identified until well after they have occurred (if it at all).

As an HR professional, you have likely been trained on how to spot email phishing attacks and other suspicious behavior.

However, despite maintaining good cyber hygiene, it’s possible that you have fallen victim to security vulnerabilities at the hands of others inside your organization.

When you send information over email, you lose control over the security, access and permissions (e.g., printing, forwarding, copying, etc.) of your data.

It’s also very difficult to know if your recipient maintains good cyber hygiene or if they have fallen victim to a phishing attack, thereby allowing others to read their emails.

How do you prevent your information from leaking to unauthorized people?

It’s important to establish a plan for:

  1. What information needs protecting
  2. Who should be able to see your information, and
  3. How can to control your information after it has been sent.

We’ve found that most HR departments need to protect data relating to hiring/firing/furloughs, opening/closing of locations, internal investigations, compensation/benefits and other sensitive topics.

Given its sensitive nature, it’s critical that only authorized people have access to this information.

Managers should control what others can do with sensitive data, including whether they can forward, print, copy or edit the information.

Additionally, the ability to delete/destroy/archive conversations and documents can be of paramount importance.

Since email, text message, and team collaboration platforms don’t provide the described level of privacy, security and control, “what does?”

First, let’s identify the technology you should be using:

  • Automatic message and document encryption
    • Manually encrypting and decrypting messages and files is frustrating and time consuming. Similarly, assigning passwords to documents is impossible to manage. Solutions with automatic encrypting and decrypting of data ensure your data is secure, your company is compliant, and your people are happy.
  • Zero knowledge
    • Did you know that most tech companies have access to your data? Ensure you choose a communication solution who is unable to access your information and thus has “zero-knowledge” of your messages.
  • Zero trust
    • You shouldn’t have to trust a third party, the platform you’re using, or the cloud with your sensitive information. Use a platform that gives you granular access controls over your data so you can enforce policy through technology, not the other way around.

What solution offers this technology?

Despite everything you do, you don’t have control over other people. We recommend using technology, rather than relying on other people, to stay in control of your information.

If you’d like to learn more, you can schedule time with us here.

Recent Posts

You’ve heard of Signal, but what about LockDown?

Last week, following a viral tweet from Elon Musk, Signal became the #1 downloaded free app in both the Apple App and Google Play stores. Here at LockDown, we’re often … Read More

The SolarWinds Hack Screams Need for Containerization

The SolarWinds hack that impacted the U.S. Treasury, Department of Homeland Security and Commerce departments, as well as other government agencies and private companies was a big wake up call … Read More

Why privacy matters more than we think.

What is privacy? Contrary to widespread belief, privacy is more than just personal identifying information, medical records, and personal communication. Privacy, by our definition, includes any digital information you decide … Read More