9 Tips to Keep Your Applicant and Employee Data Secure
Posted: 08/19/2021 | Author: Jim Lochner for Creatives On Call | Tags: Thought Leadership
There has been a 400% increase in cyberattacks since the start of the pandemic. And with more employees working from home than ever before, cybersecurity issues are also more prevalent.
Unfortunately, most employees are not cybersecurity experts. That’s less of an issue in the office when they’re working on computers connected to the enterprise network. But the risk escalates when working from home, especially when workers use personal and work devices connected to the family’s shared Wi-Fi. They also may be more exposed to phishing or spear-phishing attacks and theft.
But employees aren’t the only considerations when it comes to cybersecurity. It is just as important to protect applicant information supplied during the interviewing process such as contact information, Social Security and driver’s license numbers, and financial information like bank account numbers, background checks, and credit card information. Let’s look at some tips to keep your applicant and employee data secure.
1. Establish a Cybersecurity Policy
Without a cybersecurity policy, you’ll be continually one step behind, which could be devastating for your company’s business if there’s a data breach. Create a solid cybersecurity policy and require all new and existing employees to review and sign it. Include specifications for remote work such as personal devices for work-related purposes, technical support, and physical and digital security.
2. Conduct Cybersecurity Awareness Training
Once you have your policy in place, conduct periodic cybersecurity awareness training to educate employees on common threats like social engineering attacks, computer sharing and personal use, unpatched devices, insecure home Wi-Fi, and weak passwords. Begin educating employees on standard network security practices during onboarding.
3. Improve Password Security
Even though experts have preached the importance of password best practices for ages, weak passwords still cause about 80% of data breaches. Some organizations force employees to regularly change their passwords (as often as once a month in extreme cases) even though most users make only minor, predictable changes to their passwords when forced to do so regularly. Instead, request employees to generate a new password only when there’s a reason to believe an old one has been compromised. And new evidence suggests that passwords made up of three random words may be better than a complex string of letters, numbers, and symbols.
4. Invest in Endpoint Security
Even the most security-minded employees can make a mistake and accidentally open a malicious attachment or respond to a phishing email. Ensure that remote employees have up-to-date anti-malware and firewalls installed and properly configured on all devices—not just those they use for work—to prevent malware and other digital bugs from spreading to all devices on the network.
5. Use Authentication
Modern authentication can prevent up to 99.9% of automated attacks. Two-factor authentication (2FA) is the most common, confirming a user’s identity by requiring a username and password plus another piece of information like an answer to a secret question or a PIN sent to their cell phone. If you’ve got the budget and want or need extra layers of protection, multi-factor authentication (MFA) uses retina, voice, or fingerprint recognition to further protect your data.
6. Back-Up Important Data
Use the 3-2-1 backup strategy—create 3 copies of all data, stored in at least 2 types of storage media, with 1 copy stored at an offsite location. Remote employees can also follow this strategy by having a local copy of work-related data stored on the main system drive, another stored on an external hard drive, and the third kept in the cloud.
7. Protect Internet Connections
The visibility of Wi-Fi networks makes them dangerous, and using an unsecured Wi-Fi network is the most common way to expose sensitive data to a security breach. If employees work from public networks like coffee shops and airports, require them to use a virtual private network (VPN), which will encrypt the internet traffic and monitor for any signs of infection. Ensure employees also have secured their home Wi-Fi networks with strong passwords using the WPA2 or WPA3 security protocol.
8. Bring Shadow IT Into the Light
Shadow IT—the use of information technology systems, devices, software, applications, and services without explicit IT department approval—has grown as employees, especially remote workers, have started using all kinds of tools to be productive. The IT department should be notified of specific software applications and hardware devices employees are using so it can take the proper steps to secure them.
9. Don’t Forget About Physical Security
Most offices are secure when it comes to theft and other physical threats, but remote employees are particularly exposed. Thieves, like cybercriminals, know that remote workers typically use expensive work computers and smartphones. So stress the importance of keeping home doors always locked. Companies can also subsidize the purchase of a home security system or smart cameras.
* * *
Employees are working on multiple devices from multiple locations, creating and sharing data in thousands of ways. This agile work culture boosts productivity but makes data more vulnerable than ever. Companies must ensure their data security keeps pace to protect business and personal information and creates a safe digital space that attracts and retains the best talent.
Need help with your cybersecurity strategy? Creatives On Call has experienced creatives standing by to assist with content creation, digital technology, and more. Give us a call!
This is a time for marketers to step up to the challenge and get creative in meeting current demands and behavior changes. Creatives On Call supports your business through this. Contact us here. We have Marketing professionals ready to start in areas including:
- Strategy & Advisory
- Design and Production
- Content Creation & Management
- Customer Engagement & Experience
- Learning & Knowledge Management
- Digital Technology & Transformation