Is Your HR Information Security Policy Ready for Appified Workplace?

As HR leaders adopt new ways of delivering technology, they find that ripping out and replacing their HR systems is often not the best option. If you need to enable people to work together, replacing your existing platform with one that has a collaboration tool doesn’t make sense when you can implement a companywide platform at a tiny per-user cost.

Once you start down that path, be prepared for your people to want more. Once they start using apps at work the way they do at home or on the go, they will want more apps. People always seek the path of least resistance, and well-designed apps offer a simple, intuitive way to get things done. As consumers, we already prefer apps over web-based and desktop programs.

The “Appification” of HR

Established vendors, hundreds of new startups, and thousands of independent developers are now creating apps for business. Now, for almost any function, you can find an app that will plug into your existing HR technology to give users the digital experience they want. The growth of apps means that leaders will soon see themselves managing more than a few large platforms. They will be operating an extensive portfolio of apps that run on any platform.

As we visualize how the appification of the enterprise will look, red flags pop up in our minds. Anyone can sign up for free individual accounts on Slack, Igloo, River, or the many other collaboration platforms and invite people anywhere to join the team. Then they can upload any information and share it with any of the team site members.

That’s not the only risk. A stable, secure platform is only the beginning. There are a lot of ways HR information security policy can go wrong if you don’t have a strategy in place. You can do many things to mitigate your risk, including using a private app store, monitoring network downloads, and identity management. But even if you have the best data security tools and procedures in place, you haven’t addressed the most critical risk.

Create a Culture of Information Security

The “Black Hats” are always looking for ways to exploit security vulnerabilities, but the easiest and most lucrative way to beat security is through your users. You need the best protection you can deploy, but even more, you need to create a culture of information security, including your partners, value chain, and other third parties. It requires a robust and never-ending change management effort that permeates your entire eco-system, with the disciplined communication that is a part of any culture change.

Information Security Training

Training is essential. Educate new employees, but include ongoing reinforcement for everyone and frequently update the training methods, so they don’t become stale. Measure the impact on user behavior and use the feedback to reinvigorate your communication efforts.

Think like a marketer, or better yet make marketing a part of your team. Keep your communication fresh, and measure the sentiment of your audience. Use analytics to gauge interest and adapt your communication methods to their preferences.

Information Channels

One communication channel could be pop-up messages when people log in to their work systems. If you do that, it won’t be long before users ignore the message. When that happens, it’s time to move to a different communication channel. Come back to it later with a fresh message.

Another channel can be company news. You can deliver that through user portals, widgets, and apps. Include stories about security breaches and how they occur.

In certain situations, communication embedded in the workflow can help — just a simple reminder when users are uploading or downloading information, using messaging apps, and communicating with external entities.

Locking down environments and restricting access can backfire. People will always seek the quickest and easiest way to get things done. If rules and restrictions get in the way, they will find a way around them. Collect frequent feedback on user sentiment, and provide the best systems and methods you can. Keep managers aware of the risks of workarounds.

Create a Comprehensive Security Policy

For most people, just being aware of lax practices that expose them and the company to data breaches will be enough. For the rest, you need a policy, rigorously enforced.

Work with IT to develop a policy and communicate it well. A plan that sits on a shelf is worse than no policy at all. Make it a centerpiece of your communication effort.

Chasma Place, is an independent source for solutions that will help you keep pace with changes in the way your people work without ripping and replacing your existing systems.