3 Quick Ways to Secure Employee Data
One of the most important aspects of Human Resources in an organization is to keep employee data secure and safe from internal and external threats.
Cloud storage of data is more secure than traditional file cabinets; however, simply choosing cloud storage won’t cut it. There are additional steps that must be taken to ensure all security bases are covered. Also, remember to encrypt data before you upload it to cloud servers as an additional step in security. Never upload the encryption keys to the cloud. Just in case data is leaked, it is useless to anyone without the keys. You can read about a good example from Patreon here.
Encryption, in simple terms, is the act of password protecting data. The way it works is, it obscures the data and only restores it to readable format when the right password or key is entered.
One of the most high profile leaks of recent history has to be the one of Sony Entertainment Pictures, where emails and health records of employees were leaked to the public. Some say this was an inside job, which is why internal threats must be given the same priority.
Tech giant Apple is gearing up to go against the Department of Justice to uphold the integrity of encryption and other tech leaders like Google, Facebook are following Apple in support, it’ll be interesting to see how things play out.
As more and more companies start to take cyber security seriously, it is vital to take various steps to ensure sensitive data of the company isn’t vulnerable to attacks and is safely encrypted.
Prioritize Sensitive Data
All sensitive data must be identified and prioritized. This includes personal information like addresses, bank account numbers, social insurance numbers etc. must be saved securely in the company’s system. This information is readily available and you don’t have to go looking for it, so it is easier to prioritize. Confidential contracts and finance documents should be the next step, and it is generally a good practice to roll that out on the basis of departments.
Limited Data Access
Limit the number of employees who have access to sensitive and confidential data. Majority of the database management systems and online cloud based storage systems allow you to restrict data based on the employee’s role in the company. Ensure that confidential data is available to only those who need access to such data. Be extra vigilant to make sure that the accounts of employees that are no longer with the company are terminated as soon as possible. This will allow for the mitigation of risk of exploitation. Such restrictions allow to also keep a log of who accessed what data at what time and from where. This information is great when looking for red flags.
Do employees work from home? Disallow transferring of sensitive data from the employee’s work computer to personal computer. This would drastically reduce the number of unauthorized copies.
Employees must be trained and informed about security when they join the company and need to be given occasional refresher courses to bring them up to speed with changes in security. Employees must also be encouraged to use unique passwords for all their accounts, and passwords must not be shared. Cisco Networking reports about 18% of employees share their password. Keep in mind that if the passwords need to be shared, avoid writing them on Post-It notes and use password managers like LastPass that allow users to share securely and even generate secure passwords.
Remember, these tips should also be used in securing all sensitive data – whether it is employee data or data from various.
Want to learn how we can help you top grade your team? Click here to contact us and let us help you.
These should get you jump started, see below for additional reading resources.