Tag: HR

5 Steps to protect your HR data

I recently wrote an article about the security of sensitive information in the HR department.  While everyone interacts with the people in human resources, most of us don’t think about all the sensitive information they have.

Most of us think about benefits and our 401K when we think about dealings with HR, but there is a lot more sensitive data that is under their control.  They also deal with your healthcare information, information about your spouse and family, customer financial information, employee resumes and salaries.  They also know when you have given notice to leave the company or when you change jobs in your current company.  Add to this the responsibility of developing and circulating company policies and a wide variety of interoffice communications.

Sharing company, employee and customer information with authorized internal and external users poses a unique security challenge for any organization, since HR needs to limit access to sensitive information.  While HR may be the first line of entrée into a company, they are also the first line of defense to protect some of the most confidential information in your company.

You need to encrypt sensitive data and apply security policies to it that ensure only authorized users have access to the information, regardless of where they are or the format of the information.  Here are 5 steps to help protect your HR data.

1. Encrypt received resumes

Since resumes from qualified candidates are intellectual property and highly valuable to a company, you should encrypt them and apply a security policy automatically as soon as you receive them.  This also includes information on criminal background checks and drug testing.  Doing so limits access to specific internal users.

2. Lock down files when an employee gives notice

When someone changes jobs within a company or gives notice to leave, you should change the security policy on sensitive company information.  You can remove them from a group that has access to information from their old job, so they only have access to information that pertains to them.

3. Maintain Client Confidentiality

You should apply security policies to customer contracts and financial information so that only those customers, appropriate outside agencies and internal employees have access.

4. Protect Intellectual Property

HR knows the people and contractors assigned to different departments and projects, so it’s important to work with them to restrict intellectual property (IP) to those who need access to it.  When a contractor leaves, access should be revoked, rendering IP useless to them.

5. Circulate Policy Manuals In-House Only

Company policy can encompass everything from sexual harassment policy to paid time off.  This information is as important as anything in your business, but should be available to every employee and contractor.  Security policies need to be flexible to allow access by all authorized parties.

 

Your HR department is the front door to your organization, so you need to implement and enforce security policies to protect the most important information in your business.  This is the best way to restrict access to employee PII and ensure that your organization’s important data is secure.

Data protection in Human Resources

I recently wrote an article about protecting confidential data that flows through the HR department.  This is an area that many people forget when thinking about the most sensitive information in an organization.

Everyone thinks about the obvious, like maintaining information about current employees.  But there are many other pieces of sensitive data flowing through HR.

Resumes and personal information about potential employees come into the HR department as managers post job requisitions.  In today’s world, candidates require criminal background checks and drug tests that need to be kept confidential.  As a company hires people, references, existing health information, 401K data and salary details are maintained by Human Resources personnel and inside information systems they access.

The information on potential employees is just as sensitive as information on existing and former employees.  My company keeps my social security number so it can pay me.  It has my name, address, telephone number and bank account information.  It may have pension and retirement plan information.  It knows about my healthcare coverage and my health status.  It also has this information on those people who have left the company through retirement, layoffs or changing jobs.

That’s a lot of personally identifiable information (PII).  If my company were hacked or someone on the inside decided to steal some of that information, my colleagues and I could be the victims of privacy violations and fraud.  Given the sensitivity of this information, how can an organization restrict access to only those people who need to have it?

HR must categorize or classify the data by its sensitivity.  PII is of the highest value and should be limited to HR management and those in HR who need to use it for their jobs.  Once classified, that information should be encrypted and assigned a security policy that limits its access to those people, regardless of where the information exists.  If this information accidentally or deliberately got into the wrong hands, it would be inaccessible and useless.

Federal and state laws require that PII be retained for a certain amount of time once an employee leaves the company.  After that, the information should be destroyed automatically.  If it’s stored in an information repository, retention rules can delete it.  If it’s stored in files on file shares or locally, access can be revoked once an expiration date is reached.

In a role that requires protecting and sharing sensitive and valuable information, the human resources department has arguably one of the more challenging data-handling responsibilities. Encryption and permission control policies can help streamline these tasks after the data is classified.  This is the best way to restrict access to employee PII and ensure that the organization’s important data is secure.

IT Business Edge shows how Fasoo protects HR data

HR departments have a unique set of security challenges to maintain the confidentiality and integrity of internal staff and external clients.  While maintaining the confidentiality of personally identifiable information (PII), they also develop and share information that needs wide distribution.

Managing these somewhat contradictory requirements requires an approach that is flexible enough to protect against insider threats, while enabling secure sharing.

IT Business Edge has published the slideshow, “Data Protection: Five Challenges Facing the Enterprise HR Department”, that highlights five functions of an enterprise HR department and how Fasoo can help meet the specific access and permission requirements for different tiers of information.

Most companies think about employee PII and information that is generally under the control of HR, but how about when someone leaves the organization?  HR is one of the first to know and can inform the organization of a pending departure.  This helps ensure the organization can immediately disable access to sensitive materials, if there is a concern of theft.

View the slideshow and see some of the ways you can protect your most sensitive information.
