HR Security Risk Prevention…

HR Security Risk Prevention…

With the rapid adoption of the Cloud by SMEs as well as large enterprises, it has become vital to review and update HR policies to mitigate information security threats that come with this paradigm shift. Cloud systems differ from traditional, in-house IT infrastructure in a way that businesses now have less control over their software while handing over most of the control to third party Cloud service providers. For example, it is hard to keep track of your employee’s browser history if he or she is connected to a virtualized environment inside the Cloud. Your business data is more vulnerable in the hands of an employee using Cloud since the chances of involuntary information spill are greater in Cloud environments.

For companies moving to the Cloud or those who have already made the transition, it is important that not only their CIOs sit sit down and review the IT staff policies to adequately cover the company against any risks of employee using company information for illegitimate purposes. CIOs may make the policies but when it comes to enforcing anything on employees, HR has to be involved so it’s better to involve them early on instead of handing them down a plethora of information security policy for theCloud.

To start with, companies should enforce technology based restriction on Cloud on what an employee can and cannot do vis-à-vis Cloud apps. Of course, you have to make sure that the Cloud solution provider conforms to your information security requirements on Cloud apps. For example, employees should not be allowed to send emails to their private accounts using Cloud without prior permission. HR staff also needs to include the Cloud related policy decisions in employee’s handbook.

For example:

  • Whether an employee can use public Cloud storage solutions like DropBox at work and more importantly, does the company allow information to be put into public Cloud storage services?
  • Can an employee use personal handheld devices like smartphone/tablet at/for work?
  • Can an employee be allowed to send emails to private accounts to facilitate his/her work outside the office environment? If so, should that email be CC’ed to some else as well?
  • Does the policy handbook covers in detail the use of internet, email and other IT transactions from work and can they be monitored?

HR policy should clearly mention what comes under the definition of ‘company information’ and ‘company property’. IT policy also needs to be updated periodically because with the plethora of new possibilities which the Cloud brings for businesses, it also leaves loopholes in company’s information security policy.

By Salam UI Haq

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

How The CFAA Ruling Affects Individuals And Password-Sharing

How The CFAA Ruling Affects Individuals And Password-Sharing

Individuals and Password-Sharing With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone. As soon as computers became popular, the federal government…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…