Workflow logo
Post Job Now
Home / Resources / Blog /How HR Departments Should Handle Employee Passwords
How HR Departments Should Handle Employee Passwords
# Human Resources# Employer

How HR Departments Should Handle Employee Passwords

Mohamad Danial bin Ab. Khalil
by Mohamad Danial bin Ab. Khalil
May 14, 2021 at 07:06 PM

Are You Hiring?

Find candidates in 72 Hours with 5+ million talents in Maukerja Malaysia & Ricebowl using Instant Job Ads.

Hire Now
A Job Thing Logo

Technology has come a long way, which means that we also need to upgrade our workplace's security measures. Most companies focus on firewalls and antivirus software, but software is just one security measure.

Companies also need to ensure that every employee follows proper security practices to keep data safe. You can ensure your business' cybersecurity by teaching your employees IT security best practices. 

But there's one department that plays the most crucial security role (other than IT):

 

Why Human Resources?

Why should the HR department care about IT security? It's because HR handles employee data from start to finish, including:

  • Employee data such as bank accounts and employee profile.
  • Business employee data such as email accounts. 

The HR department has extra responsibilities in the way of IT security. A security checklist will ensure that the HR team manages employee data safely. 

 

Here are a few tasks that should be on the HR team's security checklist:

 

1. Disable or delete ex-employee accounts

When a company fires an employee or the employee quits, the first thing the company should do is disabling the employee's access to the network system, such as:

  • Email,
  • Company server,
  • Company websites, or
  • Other critical logins involving the company. 

This part is where the HR and IT teams need to work together quickly and carefully. When a company terminates an employee, the HR and IT teams need to be transparent to one another to lower the risk of a disgruntled ex-employee mishandling company data. 

When a worker leaves the company, the HR department should:

  • Remove their access to email, servers, and other work accounts.

  • Ask the IT team or company for a list of currently active user accounts in all systems and ensure they correspond to those who should still have active accounts.

  • Confirm that the disabled email accounts are not forwarding to email addresses outside the company.

 

2. Enforce strong staff passwords.

Strong password security is critical to the safety of a business network.

Companies try many approaches to encourage strong passwords, such as:

  • Mandatory password changes, 
  • Password security requirements, 
  • Multi-step verification.

But sometimes, employees are confused by password authentication requirements. In turn, they no longer care about password strength. When your staff don't care about password strength, your company is in danger. 

Employees should understand the importance of having a secure password and why it's crucial in protecting the company as a whole. 

How do you encourage employees to keep strong password?

  • Don't force employees to change passwords regularly. It'll only make them feel the need to switch out a special character or number, such as changing from "?" to "!". Only enforce password changes to strengthen IT security, not annoy the employees. 

  • Educate staff on password best practices. Ensure that your employees understand secure password characteristics. Here's a guide on how to create a strong password.


Employee password should remain secure at all times.

3. Only allow employees access to company files they need

It would help if you did not let every employee have access to all company files. Work with your IT department to set permissions on personal computers, service accounts such as printers and scanners, and company-wide accounts.

For instance, restrict a low-level employee's access so they cannot access sensitive company files and data.

 

4. Create a security procedure guide for employees

You can give out a security procedure guide to your employees to highlight the importance of IT security and how it affects the company. The guide serves as a reference when there's a breach in IT security, or an employee forgets a password. 

Here are some topics to cover in a security procedure guide:

  • What to do when an employee resigns or is terminated. HR needs to delete the former employee's account. The department should report all access points to company data so they can be disabled.

  • How employees should manage their account information. Employees cannot share account information with any other employees or write out login info on paper.

  • What happens when an employee's account is hacked. IT will show the source of the breach. The user may need to change their password. 

An IT guide should contain repeatable tactics that work that are easy to understand.

 

How HR can ensure employees take IT security seriously:

  • Train staff on cybersecurity and explain how it benefits the company.

  • Create a checklist for staff updates and another checklist for former employees' accesses.

  • Schedule password resets when required. 

  • Teach employees how to form a secure password.

  • Have more than one type of user verification.

 

This article only explains the basics of a company's IT security practices. However, it provides enough information so that you know where to start.

 

Source: Pegasus Technologies


Click this Whatsapp Link > https://bit.ly/3e5ZbSu and post your job ads on 5 job platforms at the lowest price ever!
You can also learn more about it at https://bit.ly/3x6Tmgd
You may also WhatsApp or call us at 018-9666 610 for more information.

Articles that might interest you 
Eight Workers Receive Back Wages From Company's False Claims
What Do Experts Think About the Minimum Wage Review?
Singapore & Malaysia Will Allow Travel on Compassionate Grounds

Share
Search
Categories
© Copyright Agensi Pekerjaan Ajobthing Sdn Bhd SSM (1036935K) EA License Number JTKSM 232C Terms & Condition Privacy & Policy About Us