When you think about the kinds of data that identity thieves steal, credit card and Social Security account numbers come to mind. But there is other information that thieves can use, and in the workplace, the Human Resources department is a goldmine for personal data.
HR professionals collect resumes and job applications, interview records and notes, and letters of reference and employment verification. The department requires copies of background checks, drug tests, and driving records. HR handles employees’ medical records, performance appraisals, and compensation records. They handle termination forms and letters too.
Here are 7 areas of risk – and how HR departments can better protect confidential and personal information.
- Culture: Today, it is every employee’s duty – from the C-Suite to the production line – to make security a priority. To encourage and help everyone develop a ‘security first’ mindset, highlight the importance of security in company communications such as newsletters and reminder posters throughout the workplace. Also, embed secure work processes such as document disposal and a comprehensive information management policy so security becomes a habit.
- Security awareness: All organizations should provide on-going security awareness training that targets ‘insecure’ work habits and teaches employees how to recognize potential ID theft. A recent Data Breach Investigations Report by Verizon found that 63% of confirmed data breaches involved weak, default or stolen passwords. Other bad work habits include sending sensitive information to the wrong person, and not disposing of company information correctly.
- Mobile workforce: The increasing reliance on mobile devices in and out of the workplace increases security risks too, according to the 2017 State of the Industry Report by Shred-it. Have a strict Mobile Security Policy that helps employees develop security-driven habits. For example, use secure connections (not public Wi-Fi) for transferring personal or corporate credit card or bank account information. Use encryption on all mobile devices. The Verizon report showed that lost and stolen laptops and other mobile devices is another frequent problem – and security risk.
- Desk security: Along with IT safeguards for all hard drives, provide tools and resources for protecting various items. Each employee should have access to a desk or cabinet that can be locked – for safe storage of personal items as well as sensitive files and documents. Data security should be reinforced through policy and reiterated in new employee orientation.
- Employee ID: Some organizations use Social Security numbers or other personally-owned numbers for employee identification purposes – but this identifies employees and is a security risk. Make it a corporate policy to use more secure employee ID numbers and passwords.
- Clutter: The average employee still generates about 10,000 sheets of paper every year. Encourage employees to de-clutter and purge documents that are no longer needed. Implement a Clean Desk Policy and encourage employees to keep only information that is absolutely necessary.
- Document destruction: Proper destruction of confidential information is required by privacy laws and legislation, and a critical part of information security. For best results, partner with a trustworthy document destruction company that has a secure chain of custody and provides paper and hard drive destruction services.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.