So, You Think HR Isn’t Responsible for Information Security?
The Human Resource department should be at the center of any strategic corporate decision. Making sure that information stays safe and secure is paramount.
5 October 2016
The Intralinks HR Security Series is a monthly blog series authored by Michal Kimeldorfer, Executive Vice President of Human Resources at Intralinks, created to inform HR professionals about the importance of information security when handling confidential files and provide best practices for secure collaboration.
How many among us cringe when we read the almost daily data-breach headlines? Just a few days ago it was reported that hundreds of millions of Yahoo! users’ accounts have been compromised. What’s almost unfathomable is that “OH $#¡+” moment that you must feel when you learn that you were responsible … or even just part of the problem.
As an human resources (HR) executive, I fully appreciate the sensitivity of the information I handle. If a confidential document were to get misdirected, it could have market-moving effect on my company — or a direct personal impact on the employees, candidates and customers that I interact with.
I am starting this blog about HR and information security because secure document exchange is an area that HR teams struggle with globally (I know I did), and I believe we need to take a more active part in thinking through information security solutions. Our companies, business partners and internal teams depend on our discretion as an organization, and we need to continue to provide that in the digital age.
By way of introduction, my name is Michal (pronounced Mee-hal) and I am originally from Israel. Professionally, I didn't start off in the HR discipline; my journey began as a corporate lawyer where confidentiality and information security are equally salient topics.
In the context of this discussion, my legal background helps me to understand the complex dynamic of the multi-jurisdictional business environment that we are all playing in today. I see extremely confidential HR files flowing constantly through my office. And I understand how work on high-value/high-risk content can be cumbersome when weighed down by antiquated systems.
As a brief example, while working in one of my previous roles, I needed access to sensitive compensation history. The data was saved in a Microsoft® Excel spreadsheet in an HR folder and was password protected. The person who had the password was no longer at the company and no one remembered the password … only with IT’s help were we able to open the file. Clearly, having to ask IT to unlock confidential files is not a good process — and the fact that they could unlock them at all defeats the purpose of a security program.
In launching this blog series, I hope to kick off a vibrant dialogue and connect with my HR peer group to discuss and debate how HR can take the lead in building a culture of security awareness and information protection without being bogged down by outdated processes. Some key topics that I’d like to touch on include: mitigating the hidden causes of data breaches, personally identifiable information (PII), dealing with Europe’s GDPR legislation, and others.
My next installment will be about how HR is at the epicenter of company, employee and customer data protection. In the meantime, you can contact Intralinks to learn how we can help your organization securely share documents easily.
Michal Kimeldorfer is the Executive Vice President of Human Resources at Intralinks. She is an accomplished human resources leader with extensive global leadership experience. Michal comes to Intralinks from Adama Agricultural Solutions, where she led human resources in Asia and the Americas. Prior to Adama, she was the leader of global compensation and benefits at Comverse. Before Comverse, Michal worked at Ernst & Young – Tel Aviv as a director of global employment solutions. She began her career serving as a corporate attorney for law firms in Israel.