Census 'hack' puts HR on alert for staff personal info

With the current furore surrounding ABS and the census, what can HR learn from the outage and possible hack?

The outage and alleged hack of the census website has provided a timely reminder for HR departments to take care of confidential employee information.
Privacy fears had already congregated around this year’s census – fears which were further exacerbated when the site went down on Tuesday night (9 August).
In light of the denial of service attack – which crashed ABS servers rather than giving criminals access to confidential data – HR should consider the best ways to protect personal information within the workplace.
Cyber safety & culture
It is important for HR to instil values of safety amongst staff when using technology. This especially applies to common yet risky behaviours such as password sharing, IT expert and professional penetration tester Asher DeMetz told HC.
“Password sharing is a security risk because the password gets written down,” he said, “and what is written down can be seen by the wrong pair of eyes.”
Screening out malicious candidates
In the recruitment process, it is important to conduct background checks on all potential candidates to prevent security risks, said Mark Silver, Chief Security Officer at First Advantage.
“Despite the technological sophistication so often associated with information theft and security issues, there’s a fundamental layer that relates to human resources and people management,” he told HC.
“It can be easy to focus heavily on IT solutions like firewalls and anti-malware, which are important, but there should be no mistaking the fact that data breaches also have a lot to do with people making either bad decisions or mistakes.”
Haunted by the ghost of employees past
Even when an individual leaves an organisation, it is important for HR to ensure that any information about that person is kept safe. In the event you want to destroy data, be aware of your legislative obligations, Craig Searle, chief apiarist at Australian cybersecurity firm Hivint, told HC.
“If you want to get rid of the data you’re holding on an employee who has perhaps left the company, it’s understanding what the legislative and regulatory requirements are around when you can get rid of that data and what appropriate measures you can take in getting rid of it, like secure deletion processes and that sort of thing.”

