Are You Keeping Your Employee Records Safe?
With great power comes great responsibility, especially when it comes to keeping your employees' personal information secure.
Business owners are required to keep a lot of sensitive personal information on each of their employees, including their address, social security number and possibly even their bank account number. Regardless of where you store that info — in physical files, on your computer or in the cloud — your top priority is keeping it safe.
According to Sat Sindhar, managing director of HR software provider People Apps, business owners have “a moral duty of care” to protect employee information and are also legally bound to keep it from falling into the wrong hands.
With cyberattacks in the news constantly and identity thieves getting smarter and smarter, securing your data has never been more important. Sindhar shared these best practices with NCR Silver.
Keep paper files under lock and key
“There are some people who you don’t want looking at employee records,” said Sindhar. “For example, you don’t want colleagues getting hold of each other’s files, and you definitely don’t want a visitor picking up the wrong paperwork and taking it home with them.”
If your records are stored in a filing cabinet, keep the cabinet locked (don’t leave the key in the lock) and know who has access. Make sure only those people who need access to the files can get to them.
“Not only is this important for complying with data protection legislation, but it can also save you from embarrassing moments and even severe disruptions to business operations,” Sindhar said.
Use strong passwords
When it comes to data security, you’re never too small to be safe. You should already be using a strong password for logging into your computer — and changing your passwords often — but it’s even more critical when employees’ personal information is at stake.
Don’t use a password based on personal information, such as your birth date or a pet’s name. These can be guessed by a disgruntled employee or someone else who knows you (and, in the case of your birth date, even by someone who doesn’t). “A strong password should have nothing to do with your personal information and contain an uppercase letter, lowercase letter, a special character and a number.”
Add another layer of security by requiring a different, equally strong password to open files containing sensitive information, Sindhar said.
Lock your computer screen
Never leave your computer logged in and unattended, suggested Sindhar. “Even if you’re only away for five minutes, if somebody walks past your computer and decides they want to look around, there’s nothing stopping them if you’ve left it unlocked. Locking your computer every time you leave your desk protects your sensitive files and employee records.”
Do some spring cleaning
Another best practice is getting rid of any sensitive employee records you no longer need. Once a year, go through your files and delete any personally identifiable information you can on former employees (and while you’re at it, make sure your current employee files are up to date).
The big question, said Sindhar, is how long these records must be kept after the employee has left the company.
Check with your small business attorney to make sure you’re complying with state, federal and industry-specific rules for maintaining records. For example, employee drug test results can usually be disposed of after one year, but businesses subject to Department of Transportation regulations must hold on to drug test records for five years.
Use a secure HR information system
Investing in a secure information system built for human resource management is another way to ensure your employee information is kept safe, said Sindhar.
“Even if you operate a small company, this is the best choice, as you get fast access to any records you may need at any given point, as well as the ability to quickly edit — and save a history of — any information that changes during the course of your employees’ careers,” he said.
Today, most HR systems are cloud based. But if you have an HR system that lives on your own server, it may pay to move it to a secure cloud-based location. Your IT provider can help you with that — and help you move data to the cloud even if you aren’t using an HR system.
Wherever your digital records are stored, talk with your IT provider to make sure they have the level of encryption needed to protect them.