Security of Information – the impact of people
March 27, 2008
A recent study by PricewaterhouseCoopers has found that an increasing number of businesses are adopting security policies to protect the confidential information of their employees and clients. High-profile Government cases such as the missing discs containing thousands of people’s personal information have contributed to putting this issue on the agenda for many organisations. (I recently wrote a security policy for my organisation - see my article on monitoring internet usage from February). However, the research also highlighted that simply putting policies and systems in place is not good enough in the effort to protect information, and that changing employee behaviours is the key to success.
With changing ways of working, including the increase in home working and ‘virtual’ teams, information systems are becoming more complex and security provisions need to cover a range of networking challenges. Practices that increase autonomy and responsibility such as job redesign are leading to more trust being placed in employees, and so the information held by companies is now more than ever subject to the correct handling by their people.
Additionally, most companies now provide internet access for many if not all employees, which of course increases the security risks. The research showed that many employees were being targeted by ‘social engineering’ attacks, where outsiders tried to get information about the company through its employees using social networking sites like Facebook. Some confidential information had been found to have been posted by employees about their companies on these sorts of sites.
So a clear policy and system tools will not stop security risks on their own. Employees need to be aware of the risks of their actions on the internet whilst at work, or when talking about work on the internet. The communication and enforcement of the policy is just as important as the content. HR may play a big role in this, as many of the internal communication mechanisms may be controlled by the function. The team or person responsible for writing the policy (e.g. the IT Officer) may also not have all the necessary skills and experience in communicating policies and practices within the company. In addition, HR should be able to add weight to the importance of security by applying the appropriate enforcement measures and advising on disciplinary action where required. The rules within any security policy will only be enforceable if breaches are effectively dealt with. However, as well as HR, the senior management team will have an effect on whether security measures are taken seriously within the business, and needs to display the required behaviours and attitudes; otherwise it is unlikely that employees will see the importance of the issue.

