We often hear in the news about data breaches where personal information of employees has been compromised and left them open to identity theft. Many of these breaches could have been avoided if certain safeguards had been put into place beforehand, as many occurred from carelessness and employee error. Identity theft continues to be a problem in the United States and once it happens to an individual, it can be costly and time-consuming to make things right again.
Employers are required to retain their employee records for tax purposes and to verify each employee's right to work within the United States. In 2009, the Personal Data Privacy and Security Act, which would have set guidelines for strict monitoring of electronic records by employers, failed to pass Congress. Even though this bill failed, employers still owe their employees some level of protection for their personal information against the prying eyes of other employees and of hackers who infiltrate the network.
Here are some simple ways your business can protect your employees’ information:
1. Secure the Information
Employee information should be accessible only to your human resource department. Years ago, this information was kept only on paper, in file cabinets that could be locked. Now most companies store it in databases on their computer network. Access to these databases should be granted only to those who need it, namely the human resource department. This can be achieved by implementing group policies on your network that allow only that department access to employee data.
2. Prevent Storage on Mobile Devices
Under no circumstances should confidential employee data be stored on mobile devices such as laptops or USB drives. If someone needs to work with this data remotely, they should be allowed to access it only through your network, and only if they have been granted the appropriate rights to it. In 2006, the personal information of 26 million United States veterans was compromised when a computer analyst who was working with the data had his laptop stolen from his home.
3. Institute a Clean Desk Policy
Many businesses require employees who have access to confidential employee records to abide by a clean desk policy. This means that whenever they walk away from their desks, they must lock their computers to prevent unauthorized access to these records. Additionally, there should be no scraps of paper or sticky notes lying around their work area with passwords written on them that could be taken or copied.
4. Encrypt Employee Data
Several states, such as Nevada and Massachusetts, require employers to encrypt employee information files that are backed up to storage devices. This includes archives stored on tape, hard drives, and other storage media. The data on these devices must be securely erased before the devices are disposed of.
5. Institute an Acceptable Use Policy
As we have become a more mobile society, employees often ask to use their personal devices to access company networks in order to do their work. This adds a further risk to sensitive information that can be reached through these devices. If employees are permitted to use their personal devices, they must be required to sign an Acceptable Use Policy. This may require them to install a device certificate or remote-wipe software that gives your IT department control over the company data on their personal device.
Protecting personal data is everyone's responsibility within a company, and every employee should be made aware of the dangers and consequences of data breaches. By remaining vigilant and following proper procedures to safeguard this data, the probability of a breach occurring will be drastically reduced.