As your HR Tech stack gets deeper and you bring on more cool digital tools to enhance your recruitment processes, data security is becoming more “important stuff to know about” and less “boring stuff the CIO drones on about”.
Massive security breaches aren’t just embarrassing: they can cost millions of dollars in lost productivity and time-consuming fixes, and open you up to legal issues with severe penalties.
When you’re looking for a new HR tech tool, the stakes are high – you’re trusting a third party with information about real people and real lives. A recent breach at one of Australia’s major ATSs shows what a big deal this is. It’s had ongoing ripple effects, as their clients work out how to manage recruitment in the aftermath.
So, yeah, this is serious stuff, and protecting your company and your candidates means we all need to start really thinking about it, rather than seeing it as just another box for your tech team to tick. Before handing over to your CIO and their security questionnaire, here are five non-technical questions you can use to pre-vet your potential HR tech provider.
1. What’s your personal data retention policy – aka, what are you doing about GDPR?
GDPR (General Data Protection Regulation) has got a lot to say about your responsibilities for protecting your employees’ data – and yep, it’s relevant even if you’re in the United States.
Under GDPR, which came into effect in May 2018, a data breach is a very big, very expensive problem – even if that breach happened in a third-party system, like in HR technology. When you ask this question you’re looking for reassurance that the data held in the HR Tech provider’s system is automatically encrypted, which helps sidestep a lot of issues if there’s ever a breach.
2. Do you use a third-party expert to assess your software security?
The answer you’re looking for?
Most HR tech providers will tell you they follow security best practice, take security seriously and other, similarly vague statements. The real proof is when an outside company is employed to dig into the provider’s security measures. The output will be a report that your provider should be happy to share with you.
3. What’s your plan if there’s a breach?
We’ve all seen Ocean’s 11. The reality is that even the most secure system in the world can still be breached – and mostly because humans are involved.
63% of confirmed breaches can be put down to “weak, default or stolen passwords.” Employees are also constantly working around your watertight security policies. Since you can’t get rid of your humans, it makes sense to plan for a breach – what will your potential HR tech provider do? They should have an effective disaster plan that will reduce your system downtime, limit recovery costs and secure your data again fast. You want the HR Tech-equivalent of a survivalist bunker with a year of canned food and water.
4. Can you help me check up on you?
As a professional people-person, you know about checking up on a candidate’s claims. You’d call references, and look into their records to confirm they are who they say they are. The same background checking applies to choosing your HR tech provider. A reliable vendor will be happy to connect you to past customers. Ask for any accredited awards they’ve been given and check if they hold or are working towards ISO certification.
If you’re interested in adding Weirdly to your HR Tech stack – creating a world-class candidate experience, reducing volumes and getting you to the best candidates, faster – we’d be happy to answer these questions (and more!) for you.