Home Features How HR and IT Teams Can Streamline to Reduce Risk and Data...

How HR and IT Teams Can Streamline to Reduce Risk and Data Theft

According to a study by McAfee, the computer software security provider, internal actors are responsible for 43% of enterprise data loss — about half of which is accidental.

Data breach

Businesses sink a lot of time and effort into finding the right candidate for a position. One SHRM survey, for instance, found that the average cost-per-hire is more than $4,100 (a conservative number). However, all that time and money become immaterial if the employee has a poor and inefficient onboarding process.

By Jill Pappenheimer and Michael Sellai, BPM LLP

According to one online survey, 93% of employers agree that a good onboarding experience is critical to determining a new hire’s decision to stay. However, Gallup’s 2017 State of the American Workforce report found that just 12% of employees “strongly agree” that their employer does a good job at onboarding. Combine with this the fact that replacing an employee costs businesses an average of 21.4% of the lost employee’s salary and it becomes clear how urgent the need is for businesses to develop effective onboarding processes.

Delegation of Duties

One fundamental source of this problem with onboarding can be attributed to the delegation of duties within a business. While HR professionals are generally in charge of posting positions, conducting screening interviews, extending offers, etc., it has been a separate IT process to collect employee information for  — setting up enterprise software accounts, assigning employee devices, deploying applications to said employee devices, and everything else associated with getting an employee to work on company IT. And while HR professionals use often-sophisticated human resources management systems, or HRMS, to manage the hiring process, IT organizations are often starting from scratch when onboarding employees, lacking access to all the important information already collected during the hiring process that could save them significant time. This not only drags down IT organizations but also causes critical delays for new employees to get acclimated to their new organization, acquire needed equipment, and do their jobs effectively.

This less-than-ideal situation usually is not the result of HR and IT jousting for responsibilities. Ask any IT person how they feel about onboarding and they will tell you they would prefer to focus on other priorities, like performing system maintenance and keeping company data secure. Moreover, most HR and IT professionals will agree that as much as possible of the onboarding process ought to be left in HR’s capable hands.

The Automation Solution

How can HR and IT teams that have each been in charge of gathering this essential component of onboarding abdicate these key day-to-day responsibilities solely to HR professionals? The solution lies with automation. By leveraging integrations, typically through APIs, between the company’s HRMS and its identity management systems, IT can enable new employees to automatically be set up in the majority of the company’s enterprise systems, using the data collected from employees from new-hire (online) paperwork to automatically populate most of the necessary fields. Where that data is insufficient, the identity management system can be set up to automatically prompt new employees for information, allowing the HRMS to become the single source of truth.

Similarly, for the management of employee devices and other hardware, IT can use mobile device management, or MDM, the solution to automatically customize the set up of devices using data provided by employees to the HRMS. And should any relevant HR data be changed, such as the employee’s job title or department, or even if the employee leaves, that information can automatically be replicated from the HRMS and the appropriate changes can be made.

This is what we call “zero-touch onboarding,” and the best part is once it is set up, IT and HR both have very little to do with day-to-day onboarding tasks with regard to IT. The essence — and the strength — of this approach is that it makes the HRMS, rather than strictly IT management systems, the source of all data related to employee attributes, including but not limited to pay, benefits, paid time off (PTO), and job title and function. More precisely, the zero-touch approach makes the electronic employee file or record the single source of truth for IT and HR data in cases where those two systems interact. Having a single source of truth drives data integrity, which in turn drives consistency and accuracy.

Before going to IT to ask them to enable zero-touch onboarding, HR professionals will want to ensure a few conditions are met first. The first is to ensure that you are capturing the right kind of HR data. For instance, your HRMS might contain fields that are technically optional, but essential from the perspective of setting employees up with IT. Once you have identified where the gaps in the data are, you will need to not only update data that is currently missing, but also update your processes and procedures so that this information is automatically captured and updated in the future. Another useful step is to ensure your current organizational chart and your HRMS’s representation of it are consistent. Having the organizational taxonomy be accurately reflected in the HRMS makes it easier for IT to customize applications so that they automatically assign people the right kind and level of credentials, which helps them maintain a secure IT environment.

Managing Risk

A smooth onboarding process is not only about enabling the employee and immersing them in company culture and practices — although that is an important aspect, to be sure. But from a risk management perspective, onboarding is more than anything a critical vector for data loss or theft. According to a study by McAfee, the computer software security provider, internal actors are responsible for 43% of enterprise data loss — about half of which is accidental. In a business environment subject to ever-increasing cyberattacks, corporate espionage, and other nefarious threats, applying rigor to employee data and systems access is essential. And new employees in particular, who lack familiarity with systems or processes, represent a particular security risk. Again, collaborating with HR to ensure that there are well-defined groups that drive consistency with regard to application access ought to be the starting point for managing risks associated with security. Note that this will likely involve some negotiation: HR and management want to ensure people have enough authority that they can complete their jobs effectively, while IT typically wants to minimize risk arising from what they see as excessive access. Ultimately, the balance arising out of this dialogue is beneficial to the business.

Onboarding is only one source of risk associated with employee transitions, unfortunately. End of employment, or “offboarding,” whether it comes about as the result of lay-off, dismissal, or resignation, also represents an important source of risk for businesses. It is unhappy to think about, but an employee that leaves through no choice of their own can be a threat to their former employer. The direct monetary risk of a disgruntled former employee — i.e., lawsuits or shakedowns — seems to be generally well understood. But the unique IT risk of former employees is often overlooked. When an employee leaves an employer, everything from cloud ERP credentials to email and slack accounts to employee badges needs to be dealt with. Businesses, then, should have clear, established processes for how to handle the accounts and credentials of former employees. Moreover, the offboarding process should begin immediately, with any access the employee held to company systems fully revoked upon their final shift. This last requirement is predicated upon the assumption that IT and HR stay in communication with each other. Here again, an automated solution that alerts the InfoSec team upon any changes to employment status made to the HRMS is invaluable, and establishing this connection should be a priority of HR and IT teams.

An Easy Alliance

To sum up, in today’s technology-driven business environment, onboarding with company IT is with few exceptions the precondition for an employee to start demonstrating their value in their new role. Yet onboarding at many organizations remains haphazard, in large part due to disconnects between HR and IT. With today’s HRMS technologies and APIs, however, HR and IT departments can collaborate to create a single source of truth in the HRMS, and zero-touch onboarding process that not only saves both organizations time and money but is also more efficient and empowering for employees.

About the Authors

Jill Pappenheimer is a partner in the HR Consulting practice at BPM, a West Coast-based accounting and consulting firm that ranks among the 50 largest in the U.S.



Michael Sellai is a partner at BPM and leads the firm’s Managed IT Support group.




The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.