As businesses become more reliant on software technology to automate numerous jobs and to transfer data from one area to another — internally or externally — the more at risk they become as potential targets in efforts to steal the valuable information they hold by actors with devious intent.

It’s no longer just the I.T. Department’s job to communicate to all levels of employees within an organization to practice common sense online security protocols as well as educating on the importance of strong password requirements.

It’s now more important than ever for HR to get more involved to help promote online security awareness to all employees in their organization.


Because the HR department is a cavern that holds a trove of sensitive information that can be exploited to the benefit of these bad actors. Data being held by the HR department includes both current and previous employees’:

  • Social security numbers
  • Medical history
  • Compensation information
  • Benefits
  • Phone numbers, addresses and more

To help keep online and data security top-of-mind, HR can do some of the following items to keep awareness high:

  • Host mandatory online security training and how to avoid phishing schemes, malware dumps, trojan attacks and more
  • Work with marketing to promote internal messaging on online safety via email, poster boards, brochures, infographics, videos, etc.
  • Requiring strong security standards to be implemented throughout and more

For this article, let’s focus on strong password creation strategy that the HR department, and, even the whole company should probably be promoting to everyone involved in the business.

Educating Employees on Strong Password Creation

Manager teaching an employee

Today, more-and-more businesses are requiring their employees to use the following when creating their personal passwords:

  • Upper case letters
  • Lower case letters
  • Numbers
  • Special characters—$, !, @, *
  • Total character amount between 8-32 characters

According to Pegasus Technologies, passwords constructed by the average person are usually highly predictable. Predictable passwords make it easier for criminals to decipher and to gain access to an organization’s stockpile of business-critical data.

The following example uses the requirements above to create a hypothetical password that is more than likely a good candidate to be easily cracked by bad actors:

  • Capital letters are first—Jarofhoney
  • Words that are usually followed by numbers—Jarofhoney3
  • Random numbers that are easy to remember in a chain—Jarofhoney345
  • Special characters to close it out—Jarofhoney345!

Avoid giving your passwords away so easily on a silver platter.

Try this instead: !aroFHon3y

Finally, HR professionals should look further into the agenda items below to help promote common sense, safe online practices to pair with the requirement of strong passwords by all employees to protect organizational data:

  • Providing continual training on cybersecurity best practices and how it protects both the employee and the organization
  • Scheduling password resets when necessary
  • Creating an HR checklist for employee access and updates including a list on what to do when an employee is terminated
  • Implementing an IAM system (manual or automated) that manages, authorizes and audits employee accounts
  • Adopting the use of a password manager to safeguard user credentials
  • Providing the use of more than one form of authentication

Data security should always be top-of-mind for all levels of stakeholders within their place of employment. Start with requiring strong passwords and go from there.