Q: What are the best ways to keep company data secure?
A: Below are some best practice tips from an HR perspective for keeping you and your company's information safe.
• Protect your network with security software and keep this software up-to-date. A quality firewall is a must. As is encryption for your sensitive files.
• Install quality antivirus and anti-malware software on all computers used for company purposes, and set up regular scans.
• Back-up your files and databases on a regular basis. If your files are ever compromised, you don’t want to lose everything. Having a recent backup will enable you to restore your data so you can continue to operate.
• Train employees on your internet safety and security policy and procedures, your security software, recognizing potential security threats, and creating strong passwords. Training also should include your response plan.
• Regarding passwords, avoid dictionary words. Use multiple letters, numbers, and symbols. Phrases or long acronyms are especially hard to ascertain or break.
• Note in your policy what security measures employees should follow when they’re out of the office and not using your firewall and secure network.
• Be extremely cautious of unexpected emails that ask you to click a link to log into an account to update information or fix a problem. These are likely fake and designed to steal valuable information.
• Never enter credit card numbers or other valuable information on a website that is not secure. If a website is secure, its URL will begin with HTTPS, instead of just HTTP. You should also double check that you’re on the site you intend to be on whenever entering such information.
• Never, ever email sensitive information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. Email databases and accounts are inherently insecure, and if malicious parties get access they can often see or get everything.
• Scammers may also pose as company executives or employees to steal information. If you receive a request to email any such sensitive information, do not respond to it.
• When getting rid of physical documents with sensitive information, use a secure shredding company to ensure proper disposal and that documents related to an employee's identity are secure.
• When getting rid of hardware or donating it, completely wipe its hard drives and storage. You don’t want someone finding an old company laptop, thumb drive, or computer and gaining access to information stored on it.
If an unauthorized person acquires or accesses an employee’s personal information, do you know what to do? Watch our free webinar that will help you be aware of ongoing requirements to safeguard employees’ private personal information and help you understand the role that HR plays in strengthening your organization's cybersecurity.