Keeping data secure and protected should always remain a top priority.
Working in IT, we consistently see news about companies being hacked or encountering a data breach. While unpatched software can be the culprit of this, in most cases it is human error that leads to a breach. As technology users, we all have to stay vigilant to data leakage, especially when dealing with HR data.
Whether it’s going to a fake website loaded with malware, opening a phishing email, or sending data via unencrypted email to a misspelled email address, there are several ways sensitive data can be accessible to the wrong parties.
While OutSolve does not accept social security number as an employee identifier, other sensitive data elements, such as job title, salary, and employee name can still lead to embarrassing, and possibly legal implications. With that in mind, here are some best practices when it comes to keeping human resource data safe.
Always confirm the website you are visiting is the one you intended to visit. This one seems simple, but whether via Google search or just mistyping a web address, a user can innocently end up on a malicious website. When in doubt, close it out.
Phishing emails can be a tricky thing. Not every phishing email will be obvious. In numerous cases, you can quickly spot a phishing email because it purports to be from a bank or a website you never visit. However, there are instances, particularly in the case of Spear Phishing emails, where it appears to come from someone you know, or a site you do always visit. In these cases, before clicking on a link in an email or opening an attachment, always check the From email address to see if the email matches the sender it states the email is coming from. Also, check for inherent misspellings or grammatical errors in the body of the email. Finally, mouse over any links in the email to view where they will send you if you were to click on them. These are fairly clear indications that will tell you if the email is from someone valid or not.
When sending email, be sure not to just hit send without taking a second to verify whom you are sending an email to. Outlook has a great feature to allow for auto-filling in the email address of someone you frequently send emails to, just by typing the first few letters of their email address. However, numerous times people hit the first letter, and assume the first email listed is the person they intended to send to. Always double-check the To, Cc, and Bcc fields before hitting the Send button.
OutSolve has several ways we protect client data. We utilize a secure client portal to receive client data. We also offer clients the ability to send large amounts of data via Secure FTP utilizing PGP encryption. Finally, we also have the ability to send encrypted emails. OutSolve also commissions a SOC 2 Type II report on an annual basis, to provide clients with additional peace of mind that our facilities, policies and practices have been verified by a third party. All of this helps prevent data leakage, and keep client data secure.
In summary, no method is 100% fool-proof to prevent a data breach. As such, we have to remain as vigilant as possible to keep data secure. If you have any questions on how to secure your data, please give us a call.