The Intralinks HR Security Series is a monthly blog series authored by Michal Kimeldorfer, Executive Vice President of Human Resources at Intralinks, created to inform HR professionals about the importance of information security when handling confidential files and provide best practices for secure collaboration.
How many among us cringe when we read the almost daily data-breach headlines? Just a few days ago it was reported that hundreds of millions of Yahoo! users’ accounts have been compromised. What’s almost unfathomable is that “OH $#¡+” moment that you must feel when you learn that you were responsible … or even just part of the problem.
As an human resources (HR) executive, I fully appreciate the sensitivity of the information I handle. If a confidential document were to get misdirected, it could have market-moving effect on my company — or a direct personal impact on the employees, candidates and customers that I interact with.
I am starting this blog about HR and information security because secure document exchange is an area that HR teams struggle with globally (I know I did), and I believe we need to take a more active part in thinking through information security solutions. Our companies, business partners and internal teams depend on our discretion as an organization, and we need to continue to provide that in the digital age.
By way of introduction, my name is Michal (pronounced Mee-hal) and I am originally from Israel. Professionally, I didn’t start off in the HR discipline; my journey began as a corporate lawyer where confidentiality and information security are equally salient topics.
In the context of this discussion, my legal background helps me to understand the complex dynamic of the multi-jurisdictional business environment that we are all playing in today. I see extremely confidential HR files flowing constantly through my office. And I understand how work on high-value/high-risk content can be cumbersome when weighed down by antiquated systems.
As a brief example, while working in one of my previous roles, I needed access to sensitive compensation history. The data was saved in a Microsoft® Excel spreadsheet in an HR folder and was password protected. The person who had the password was no longer at the company and no one remembered the password … only with IT’s help were we able to open the file. Clearly, having to ask IT to unlock confidential files is not a good process — and the fact that they could unlock them at all defeats the purpose of a security program.
In launching this blog series, I hope to kick off a vibrant dialogue and connect with my HR peer group to discuss and debate how HR can take the lead in building a culture of security awareness and information protection without being bogged down by outdated processes. Some key topics that I’d like to touch on include: mitigating the hidden causes of data breaches, personally identifiable information (PII), dealing with Europe’s GDPR legislation, and others.
My next installment will be about how HR is at the epicenter of company, employee and customer data protection. In the meantime, you can contact Intralinks to learn how we can help your organization securely share documents easily.