I recently wrote an article about the security of sensitive information in the HR department. While everyone interacts with the people in human resources, most of us don’t think about all the sensitive information they have.
Most of us think about benefits and our 401K when we think about dealings with HR, but there is a lot more sensitive data that is under their control. They also deal with your healthcare information, information about your spouse and family, customer financial information, employee resumes and salaries. They also know when you have given notice to leave the company or when you change jobs in your current company. Add to this the responsibility of developing and circulating company policies and a wide variety of interoffice communications.
Sharing company, employee and customer information with authorized internal and external users poses a unique security challenge for any organization, since HR needs to limit access to sensitive information. While HR may be the first point of entry into a company, it is also the first line of defense for some of the most confidential information in your company.
You need to encrypt sensitive data and apply security policies to it that ensure only authorized users have access to the information, regardless of where they are or the format of the information. Here are 5 steps to help protect your HR data.
1. Encrypt received resumes
Since resumes from qualified candidates are intellectual property and highly valuable to a company, you should encrypt them and apply a security policy automatically as soon as you receive them. The same applies to information on criminal background checks and drug testing. Encrypting on receipt limits access to specific internal users.
2. Lock down files when an employee gives notice
When someone changes jobs within a company or gives notice to leave, you should change the security policy on sensitive company information. You can remove them from a group that has access to information from their old job, so they only have access to information that pertains to them.
3. Maintain Client Confidentiality
You should apply security policies to customer contracts and financial information so that only those customers, appropriate outside agencies and internal employees have access.
4. Protect Intellectual Property
HR knows the people and contractors assigned to different departments and projects, so it’s important to work with them to restrict access to intellectual property (IP) to those who need it. When a contractor leaves, access should be revoked, rendering the IP useless to them.
5. Circulate Policy Manuals In-House Only
Company policy can encompass everything from sexual harassment policy to paid time off. This information is as important as anything in your business, but should be available to every employee and contractor. Security policies need to be flexible to allow access by all authorized parties.
Your HR department is the front door to your organization, so you need to implement and enforce security policies to protect the most important information in your business. This is the best way to restrict access to employee PII and ensure that your organization’s important data is secure.