On September 7, 2017, consumer credit reporting agency Equifax suffered a massive data breach. The incident affected 143 million U.S. consumers whose names, addresses, birth dates, social security numbers and in some cases, driver’s license or credit card numbers were stolen. The enormity of this violation is another reminder why cybersecurity is a vital part of running a business. Here are five things the Equifax breach can teach us about holding confidential data.
Train Employees to Secure Information
Help employees identify links intended for phishing so your employees don’t download malware. Also, numbers for social security cards, driver’s licenses, passports or bank accounts electronically stored on Forms I-9 need to be protected. In addition, personal identifying information (PII) such as legal names and dates of birth must be kept confidential. Employees who leave the company need to be monitored to ensure they don’t take along private information.
Check Vendors’ Cybersecurity
Confirm your payroll processor and health insurance provider each have a vendor agreement that includes provisions concerning security breach notifications, including who pays for it. Ensure your vendors adhere to the strongest security standards set by ISO 27001 and the guidelines set by the National Institute of Standards and Technology. In addition, make sure HR, IT and legal work together to create a detailed security questionnaire that a vendor needs to complete before a purchase order is approved.
Encrypt Data and Devices
Passwords are insufficient because they can be discovered. Also, encrypted data that’s secure today may not be secure in the future. Encrypting all devices means protocols can be put in place to erase data after detecting unauthorized access.
Destroy Hard Drives
When recycling computers, destroy their hard drives and other data-carrying media. Erasing or reformatting hard drives is insufficient. If the computers end up being used by others, PII such as usernames and passwords may be discovered.
Notify the Government
Let the government know when your company experiences a data breach. The Cybersecurity Information Sharing Act of 2015 provides companies more protection from liability when they share with the government information about threats to their systems. Other companies can be alerted so they can take steps to lessen the chances of future breaches.
Partner With Arlington Resources – an Award-Winning HR Recruiter
To find top HR candidates, partner with Arlington Resources – an award-winning HR staffing agency in Chicago!