How to Protect Your Critical Employee Data from Data Breach
Ensuring strong security measures at all points of data access, transmission and use, including when utilizing outsourced solutions, can help avoid a data breach.
www.managedoutsource.com
Managed Outsource Solutions, 8596 E. 101st Street, Suite H, Tulsa, OK 74133, (800) 670 2809
Today, protecting employee benefits data is a major concern for any business. Data loss can occur in many ways: hackers can gain access to your IT infrastructure, employees themselves may engage in hacking activities, and data breaches may occur when utilizing data entry outsourcing and other such support solutions. Data theft can lead to loss of critical information and also result in compliance failures, legal penalties, damage to your organization’s reputation and even loss of the entire business. So it is important to secure all data with effective, foolproof measures.

According to the Chicago Tribune, last year the retirement accounts of 91 municipal employees were breached. Edward McAndrew, a lawyer with Ballard Spahr in Philadelphia and former cyber crime prosecutor for the Department of Justice, points out that the breach at the consumer credit reporting agency Equifax affected 143 million US consumers. The accessed information included names, Social Security numbers, birth dates, addresses and in some cases driver’s license numbers and other credit card details. A breach of health insurance coverage and retirement plan data can put anybody’s finances and health at risk.

Why is data so vulnerable?

• Weak security measures are primarily to blame.
• In hybrid/borderless IT architectures, data is stored in the cloud or distributed across many systems and applications, where it is more susceptible.
• The BYOD trend in organizations makes it difficult to pinpoint what data insiders have access to and how they use it.
• In many organizations, security is not treated as a process that merits constant review and adjustment.
Employers can take many actions to prevent a data breach and protect data. The following are some effective steps to consider:

• Try to record minimum confidential information: Review the types of information that you collect. Avoid entering information you don’t really need into your database. Companies may have sensitive employee information such as social security numbers, passport or driver’s license numbers on Form I-9, and also employees’ bank account information. Employers may also have personally identifiable information (PII) that is requested from an applicant at various points in the job application process, and this may include some combination of legal name, date of birth, social security number and driver’s license number.
• Train employees to avoid phishing attempts: Employees may be unaware of phishing and other similar tactics, and are likely to fall prey to a hacker’s effort to steal information. Phishing can lead to hacked accounts and loss of confidential company information. So employees should be trained well to protect their own as well as the organization’s information.
• Safeguard your employee data: It is important to have a strong security system for safeguarding all sensitive information. Employees must be given training on keeping their personal information private.
• Do not depend on credit checks when you are hiring a new employee: Be careful about checking credit as a condition for employment. A credit check may include fraudulent activities, so relying on that information could cost you a good employee.
• Tell your employees to watch for new account fraud, such as a credit card or loan that they did not apply for: A cyber thief may use stolen data to apply for a new credit card or loan. Employees should not check only a single account, but should look for unauthorized access in each and every account. Hackers may use data stolen from one place to obtain access to another. If employees identify any unusual transactions, they should check directly with the particular financial institution. It is important to always remain cautious, because cyber thieves may allow some time to lapse before they use the stolen data. It is also a good idea for employees to request credit reports to rule out any suspicious activity.
• Coordinate with third party administrators (TPAs) to monitor employee accounts for fraudulent activity: Ensure that the TPAs notify plan participants of possible vulnerability of their 401k accounts so that they can keep track of their assets and account activity. Also, encourage multi-factor authentication to access an account, or if they are not using it, incorporate additional security factors.
• Ensure that vendors have adequate information security: Request information from your third-party vendors on their security measures. Sometimes a link in the chain may allow unauthorized access to data systems. Make sure that the vendor has enough information security to protect payroll and health insurance details. Employers should also look for vendor adherence to ISO 27001 security standards and guidelines from the National Institute of Standards and Technology.
• Report if your business has been a target before: Share information with the federal government about any previous cyber attacks you may have experienced. This will help alert other companies. If you don’t share information about data breach attempts on your systems, it makes it easier for cyber thieves to move on to the next target without any consequences. You may hesitate to share the data breach incident fearing liability, but under the Cybersecurity Information Sharing Act of 2015, companies have more protection from liability when sharing information about cyber threats to their systems with the federal government so that other companies can be warned about the threat.

In the present digital world it is easy for cyber criminals to access data, which makes it important for organizations to ensure strong security measures at all points of data access, transmission, and use. This should also be a major consideration when utilizing outsourced solutions for diverse business processes.