Home Depot. Target. Equifax. These companies are only the tip of the iceberg when it comes to data breaches. Beneath the headlines are thousands of incidents targeting businesses of all sizes - 58% of breaches so far in 2018 affected small businesses. As companies look to bolster their defenses against cyber-threats, HR teams are being asked to help out.
Why? Because HR often serves as a centralized hub where sensitive employee information is processed, making HR employees prime targets for malicious hackers.
Protecting your employees’ personal information, however, doesn’t have to cost millions. When it comes to HR security, a small change in behavior can make a big difference.
Below is a short summary of our HR-evolution Strategy Guide, designed to help HR organizations in 5 security-focused steps. For more information, along with real-world examples and actual steps to put into practice in your own organization, be sure to download our full whitepaper below.
New employees have a lot of information to take in when joining a company. Where does security training fall on the onboarding priority list? Due to the onslaught of information, new employees are especially vulnerable to phishing attacks. These attacks often appear as a request to enter information, something employees do for legitimate reasons dozens of times during a typical onboarding experience.
Documents containing PII or other sensitive information should never be shared over email. Even the most secure email services cannot stop the recipient from saving the file to their local hard drive. Once saved, the file can create an additional vulnerability outside of your control.
The growth of cloud file-sharing applications has made sharing information via encrypted servers easy and, oftentimes, free. While these platforms, such as Box, Dropbox and Google Drive, cannot stop the recipient from misusing that information, they do provide safeguards. They limit file access to specific parties and allow for specific time limits. Data will remain encrypted on secure third-party servers, and access can be revoked at any time.
A good rule of thumb is to always treat your employees’ data like your own. Would you give your personal or financial data to someone without first verifying their identity and the reason for the request?
Verify the third party: A quick Google, or even LinkedIn, search may give you the information you need to verify that the request is coming from a legitimate person. As a second step, it’s important to verify that the email address being used by the third party belongs to a legitimate organization. You can do this by running another Google search using the @domain.com of their email address.
Confirm with the employee: Although conflicts of interest may prevent you from divulging the specifics of the request, we encourage HR teams to confirm with their employees that someone may be requesting information on their behalf. Here’s an example of how to get the conversation started:
“Hey Tracy, I received a request to verify your employment from a third party. Were you expecting any verifications?”
Working with trusted third-party software providers is crucial in minimizing HR security threats. With many teams moving their HR operations to the cloud, security screening is more important than ever.
Best practice is to schedule a regular review of the software you are using with both your internal IT team as well as the vendor. Keeping security top of mind will help minimize third-party vulnerabilities.
Have you ever gone through a security training, only to forget the majority of the content a few months later? Sadly, many of us have. Not to fret, though: being proactive with preventive security measures is easy. Simple email reminders about phishing attacks, or sharing the latest security breaches in the news, are great ways to remind employees about the ever-present risks in cyber security.
These tips are just to get you started; we’ve created a comprehensive strategy guide HR teams can adopt to help safeguard their employees and organization.
Get the full whitepaper: HR-evolution, How to Protect your Employee Data.