Hardly a week goes by without a new data breach making the headlines. Companies in different industries are constantly re-evaluating their security postures to determine how best to deal with the protection of sensitive and confidential data.
A lot of effort is focused on financial and customer data, but most companies overlook all of the sensitive employee information they possess and the risks associated with storing and accessing it. This is a major area that seems to be neglected when it comes to protecting company information.
According to a recent survey titled “The State of Encryption Today”, employees’ data are not protected at the same level as business-related or customer information.
Below are some interesting statistics provided by this survey:
• Failure to consistently encrypt Human Resources files – 43%
• Failure to consistently encrypt financial or banking details of company employees – 31%
• Failure to encrypt healthcare information – 47%
These are significant numbers. While companies seem to concentrate on securing customer data to avoid hitting the headlines, the findings suggest that protection of sensitive employee data is overlooked.
While companies accept and use encryption widely to ensure security, there are still some critical gaps. Encryption is mostly implemented to secure sensitive information at rest or in motion, while data in use is often overlooked, which leaves a significant gap.
Traditionally, most of us associate Human Resources departments with benefits or 401(k) plans. In reality, they possess and control far more sensitive data: employee healthcare information, banking information, spouse and family information, salaries and resumes, just to name a few.
The State of Encryption Today study goes on to point out that 75% of respondents said they need to improve how they encrypt sensitive information and 69% said they plan to increase use of encryption over the next two years.
Below are some sound and proven suggestions to consider when companies re-assess their security posture specifically around their Human Resources departments:
- Encrypt sensitive data and apply security policies – ensure access only by authorized users, regardless of location or format
- Encrypt sensitive employee benefit or healthcare information
- Secure and control employee criminal background checks and drug testing information
- Protect employee contracts and financial information
- Secure files and access when an employee or a contractor leaves the company
Companies have the same obligation to protect sensitive employee information as they do with their customer or business-related data. Protecting sensitive employee data should not be overlooked, as it requires the same rigor. Strong encryption and persistent security controls are highly effective tools that should be considered as companies re-evaluate their security policies.