Security is an important factor in communications, and should inform overhauls to a company’s HRIS. By starting with a comprehensive assessment, companies can evaluate their current HR security status and improve it through targeted changes. Krebs on Security recently highlighted the lax email security policies that may have put Chipotle at risk.
Krebs on Security recently highlighted the lax email security policies that may have put Chipotle at risk.
According to the source, one applicant discovered that the domain name for the reply email address Chipotle included in its recruitment emails, chipotlehr.com, was unregistered. By purchasing it, this person suddenly began receiving emails meant for the company’s HR system, creating a major security breach for the important HR data these messages contained.
While a spokesman from the business said that this address “has never been a security risk of any kind,” the situation does illustrate the possible confusion that can crop up in a poorly monitored HR email system. K Royal of CellTrust Corporation addresses the difficulties surrounding email security in a piece for IT Pro Portal.
“Organisations typically back up their email servers because they recognise that the information they contain is so important to their operations, yet they frequently don’t go a step further to encrypt that valuable data,” he writes. “Ideally that encryption should be applied end to end: when messages are in transit and when at rest on servers and devices such as desktops and laptops.”
Before HR system implementation even begins, consultants may help departments address key weaknesses with a thorough assessment.