Certain industry types require extra security and data sensitivity. When you make your career in one of those fields you get used to certain standards when it comes to protecting the data that you process. But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting.
In part 2 of this 4 part series, we continue to talk about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.
HR Electronic Communications – What should you secure?
Human resource professionals often deal with some of the most sensitive information a company owns. We often think that the payroll department is the sentinel of our constantly-accessed personally identifiable information, and while that is true, human resource professionals access and process mountains of our sensitive information regularly. Bottom line: the HR department is the first and last stop in protecting employee confidentiality.
Because email is and continues to be the most widely used method of communicating internally and externally to an organization, HR professionals need to be extra diligent about protecting personally identifiable information and be especially worried about email security. As the keepers of everything from social security numbers to bank account and routing numbers, HR departments are one of the most targeted departments within an organization.
If you work in HR, take a look at your inbox. It’s more-than-likely a veritable treasure trove of data about your employees. Everything from W4s to spreadsheets with employee information gets transmitted through your email. And while you may think the data is safe as long as it’s being shared internally, once you hit “send” you have no control over where that data will ultimately end up. This is why it is incredibly important to use an email lifecycle management tool that not only tracks your email — so you’re assured of its destination — but stores your emails in an encrypted environment.
But what should you be protecting? The short answer is everything you send, but let’s look at a few of the most commonly overlooked items.
Employee Review Forms — many forms used by organizations contain an employee’s personally identifiable information in the header of the form. But because we often think of an employee review form as relatively innocuous, we don’t secure it when we send the email. This is a mistake and can open the organization up to a data breach.
Spreadsheets — HR departments thrive on spreadsheets to manage the day-to-day management of personnel. While these spreadsheets are often password protected, a simple password is easy enough for even the most newbie hacker to break. When you send your spreadsheets, make sure to add an extra layer of security by encrypting the email.
New Hire and Annual W4 Forms — many employers and employees will email these documents to each other. Because they’re relying on the assumed security of an internal email network, both employers and employees may open themselves up to a data breach by not securing the email.
Policy Changes — when sending policy changes to employees its imperative to make sure that all of your staff has received and read the change. While most email clients have a return receipt option that can be enabled, that’s often not enough to provide proof that an email has been received, opened, and read, which means the HR department has to chase down acknowledgments. Save time and money by using postmarked email.
Workers Compensation Claims — these forms have a wealth of information about employees and often need to be emailed externally, to insurance companies and medical offices. Like spreadsheets, the document may be password protected, but a simple password is simply not enough to thwart a hacker.
HR is the first line of defense in protecting an organization from a data breach and protecting the livelihood of its employees. One of the easiest ways to protect your organization from a data breach is to use a robust email lifecycle management solution.