How HR leaders can become advocates for software compliance

HR managers typically don’t concern themselves with IT; however, when it comes to software compliance, they should consider being the advocate within their organisation. Organisations now face a nearly one-in-three chance of being infected with malware when they obtain or install unlicensed software. This staggering number is compounded by the fact that one of the prime consequences of malware is the loss of corporate or personal data.

In late May this year, PageUp, a global HR services provider, made headlines around the world when they announced that malware attacked their systems, resulting in an unauthorised party gaining access to employee and job-seeker data collected by their customers. Millions of people were potentially affected by this incident – and personal details such as names, addresses and telephone numbers were exposed. Though the cause of malware is uncertain, the ensuing damage is clear: malware can lead to severe data breaches and other security risks, and malware-related activity can cost the global economy approximately A$820 billion annually (or US$600 billion annually), or 0.8 percent of the global GDP.

As malware threats increase and news outlets worldwide report more and more data breaches, IT is no longer the sole department leading the cavalry in maintaining the data security of a company – HR too must join the force. Here are some ways HR leaders can play their part in ensuring software compliance for greater data protection:

Building a culture of compliance starts at the top

There are now eight new malware threats appearing every second of every day, leaving the door wide open for sensitive company, employee and customer data to be compromised. HR leaders need to take the lead in software compliance by advocating for stricter policies and their enforcement. Using their access to the C-suite through the company’s CHRO, HR can play a role in influencing key decision-makers to support better IT infrastructure, more robust data protection and company-wide software compliance.

From hosting educative sessions with the broader C-suite and external experts on cybersecurity and software compliance, to keeping relevant executives informed about the latest developments in HR software, HR leaders should do their part in keeping data protection at the forefront of the company’s mission.

Increased collaboration with IT

Fifty-four percent of CIOs surveyed in the BSA Global Software Survey report stated that lower security risk was the primary reason for ensuring their company software was fully licensed. Yet, in Australia, the rate of unlicensed software usage stands at 18 percent, indicating that there are still a lot of organisations and individuals that are failing to take data protection seriously. These CIOs also reported that their main concerns related to malware that can accompany unlicensed software were data theft (46 percent); unauthorised access to their network (40 percent); and responding to potential ransomware (30 percent).

HR can help shift the needle on attitudes and policies on data protection by working in tandem with IT to advocate for company-wide software compliance – including the adoption of licensed software, and implementation of software asset management best practices. HR and IT can also partner on conducting periodic risk assessments with employees to identify security risks that may be posed to the company.

Cultivating a culture of compliance throughout the company

The C-suite and IT are not the only ones who should be informed; employees at every level of the company should also be educated on the threats that malware poses and the steps they can take to protect their data.

From awareness programs on password protocol, phishing scams and the different types of malware, to in-depth training on technology and software compliance, HR leaders should make these educative programs mandatory for all employees from the time they join the company. Additionally, HR can partner with the Internal Communications team to distribute a monthly newsletter to employees that includes information such as important technology updates that employees may have ignored or forgotten to install; coverage of data breaches in other companies and subsequent learnings from them; or a checklist on staying compliant with the latest developments in technology.

When it comes to data security, no stone should be left unturned to make this the greatest priority within an organisation. HR cannot sit on the sidelines in the war against malware, and should share the responsibility through advocacy and educative programs, ensuring that the entire organisation is equipped to protect itself from threats to its corporate or personal data.


Gary Gan, Director – Compliance Programs, BSA APAC.
