When you hire a new member of staff, there is certain vital information you need from them to produce their payroll and submit their taxes. Keeping these records safe from potential identity thieves, whether they are on paper or preserved electronically, is critical for your corporation. Here are a few ways you can do this.
Only authorized personnel should have access to this data on your systems. Document who these people are within your organization. Write up a set of protocols for using this information and ask the approved employees to sign off that they have read and understood it. Provide them a copy of this material if they request it. They should be educated on what parts of the files they can look at and under what circumstances they can use what they have read. Set aside time to train them in the company procedures and review this material if it is updated. Be certain that they understand that duplicating any of the information can lead to a reprimand, including possible termination of their employment. The fewer staff members who have permission to handle this data, the lower the chances that it will be stolen and misused.
Decide which information should be secured, then develop strong passwords to protect it. If you are able, encrypt the data as well. Research different antivirus products and determine what cybersecurity means as it applies to your corporation. Keep these files on one dedicated server that can be accessed from a single point. Your IT department might be capable of taking care of this for you. However, you will also want to contact an outside organization to protect something like this. If you choose this route, ensure whoever you work with has the proper certifications and insurance to take care of the data for you. Paper records should be kept in a locked cabinet in a secured room. Only one employee should have the key. They can determine which files are too sensitive to hand out and which requests can be fulfilled.
When you do gather personal data from your staff, steer away from asking for items such as social security numbers or medical information. This removes the temptation to steal these figures and then use them to open bank accounts or credit cards in another employee’s name. Look into the laws in your community and state about what records you can have on hand and which you must avoid. You should also check how long you have to retain them and the correct method of disposal. If you must have this data to complete their employment paperwork, be certain that you lock the finished applications away and that you are the only one with access to open them.
If you believe information has been taken, contact a forensic expert to help you gather evidence. Keep your staff away from the server that has been hacked until you are given further instructions. This does include your IT department. There might be pockets of information on the hard drive that your in-house computer people will accidentally erase or overwrite. These deleted segments might identify who took the files and on what day and at what time. If you have a handwritten log of those who accessed the server, pull the entries for the previous few days so that you can give them to the police and the expert you are bringing in. Gather the departments involved, such as IT and human resources, and make them active participants in the investigation. Brainstorm about the details of the theft together. One group may have information that they can share that will be critical to the case.
If the computer these files are on is currently shut off, then keep it powered down. Remove it from where it is stored and lock it where it will be left alone. If it is currently on, ask the forensic expert to instruct you how to shut it down correctly. They may choose to come to your facility to do it themselves. If the server is powered up once it has been shut down, or if it is turned off too quickly, it can lose the evidence that it holds. If the hard drive holds data other than your employees’ personal files, you should replace the hacked one with a computer that can work in its place for the meantime. Whether the theft occurred in the paper or the electronic files, fight the urge to look for the stolen records yourself. Those involved may know the date and time, and your tampering might be damaging to their case.
You might believe that making a copy of the stolen files will help the process. However, leave the duplicating to the forensic experts and the authorities. Following the incorrect procedure can corrupt the evidence that points to the thief. If you are instructed to clone the data onto another drive, avoid using copy and paste to move it to the new device. This method will relocate the primary information on the drive but will leave behind the deleted files, which are most likely the ones that were taken.
Call the forensic expert as soon as you suspect that the theft has occurred and schedule a time for them to come and process the server. Avoid waiting long for this to happen. The more time that the computer sits idle with the power off, the higher the chance that the data you are looking for will be corrupted. They can walk you through protecting your information and preparing it for authorities to review. Take down the name of every person who comes in contact with it until it is in the hands of the police. If you find that the hard drive has been tampered with after the discovery and the files in question are lost, you will have a list of names to talk to about the damage.
While there are only a few employees who have access to these sensitive files, you will want to schedule training sessions to review your security procedures with everyone in your company. These classes can encompass all of your confidential information, such as revenue, product design, customer lists, and other databases. Explain the proper procedures to handle files such as these and which ones your staff can use and which are restricted. Review what the consequences are if they misuse this data and what to do if they suspect that the information has been tampered with. Keep a signed acknowledgement that your employees understand the rules you taught them in their personnel file so it can be referred to if there is ever an incident. If there are updates to your policies, set aside time to explain these changes companywide.
When you hire a new member of your company, they are trusting you with certain aspects of their identity so that you can file their employment taxes and provide them with a paycheck. It is your responsibility to protect their vital information from thieves who want to profit from it. Whether it is on paper or in a database, establishing security measures to safeguard this data will keep you and your staff safe.