The 5 Ws of HR Technology Security – iBTR

The 5 Ws of HR Technology Security

Has your organization authored a security plan for your HR Technology? If not, the time is now.

With more and more scams plaguing the digital world these days, it’s imperative for business leaders to know what steps to take in an HR technology emergency. Start the process of authoring an HR technology catastrophe preparedness plan by considering The 5 Ws.

WHO – Identifying WHO needs to be involved during a technology emergency is step one. Keep an updated list of contacts for internal and external support personnel. Consider your vendor support teams in this list as well.

WHAT – Know WHAT the objectives are for your plan. Obviously, you want to protect the sensitive data within your organization (employee PHI, banking info, etc.). Consider any other information you want to protect, like access to web content or proprietary processes.

WHERE – Define WHERE your sensitivities lie and the ways to access each one. Target the areas within your HR technology for specific steps in the event of a technology catastrophe to support the ability to act quickly.

WHEN – Track WHEN your systems are backed up and updated. Notice any variance in the schedule and reach out to vendor support teams with any inquiries and resolution.

WHY – Communicate WHY the security plan is important to your internal team. Educate your team on the importance of the plan and help them familiarize with each step that applies to each department.

Once the 5 Ws are defined and identified, the remainder of the plan will be easier to author. A simple process for authoring such a plan is to adhere to these five principles:

  1. Protect – a solid security plan should be both proactive and reactive, considering all potential “points of entry” for all types of data sets.
  2. Respond – your security plan should detail not only the steps that will need to be taken, but also include additional information such as weblinks and login credentials for timely and efficient responses.
  3. Recover – planning out the recovery process is important. Consider contingency plans and opportunities with careful precision.
  4. Test – this is the most crucial part of any plan. Business leaders will have more confidence and find more success in a well-tested plan.
  5. Repeat – schedule times to run through your security plan several times per year or even per month. Repetition will help your team identify opportunities for efficiencies as well as any missed needs for additional security.

Refer to our recent blog Tech Catastrophe Prep Steps for Employers for additional information about the types of security attacks we are seeing in the industry.

If your organization would like to consult with BTR about technology security, please email your inquiry to


About the Author

Hayes Stevens supports BTR brokers and their clients with their HR technology initiatives and serves as the team lead for BTR’s consulting division. With over 10 years in the HR Technology industry, he provides unparalleled expertise to clients through a strategic, long-term success framework and approach.