5 Ways to Help Safeguard Your Employee Data
Cybercriminal and identity thieves are out in force during tax season. They’re creative, clever and increasingly sophisticated. Are you doing all you can to protect your employees’ personal information?
Identity tax refund fraud is a growing epidemic, costing the IRS more than $21 billion in 2016. The IRS takes data security very seriously -- and so does our team at CIC Plus. Protecting personally identifiable information (PII) and the overall security of our services is our top priority and part of our core business. We’re continually making investments in our infrastructure as well as monitoring user activity for signs of potential fraud. Here are five steps you can take to help safeguard your employee data:
1. Know Your Client
Imagine your HR or payroll team receives an email request from one of your company’s executives, requesting a batch of employee data. Do you provide the information?
Now imagine the requestor isn’t a company executive, but a thief posing as the authorized individual over email. It’s not uncommon, and it’s an easy way for thieves to walk through your organization’s “front door” and gain access to your employees’ PII. Watch out for requests of large amounts of employee data, and confirm the ID of the person requesting the information.
The IRS reinforces this recommendation, reminding employers and employees alike to learn to recognize and avoid phishing emails, or phone calls and texts from thieves posing as legitimate organizations, such as banks and government organizations.
2. Beware of Phishing Email Attacks
An increasingly common type of identity fraud starts with phishing email scams that attempt to trick people into sharing their personal information to log into accounts by appearing to be valid email messages. Employers should encourage their employees to review any links closely to verify the web address before clicking to go to a site.
3. Consider Two-Factor Authentication
Two-factor authentication is a security process used by a growing number of companies where the user provides two authentication factors -- for example a password and a time-sensitive code generated on a mobile device -- to verify who they say they are. It’s an extra, yet critical, layer of protection. If a thief tries to access a system with a stolen password, they still can’t get in where the two-factor authentication process is employed. CIC Plus, like many organizations in our industry, applies this enhanced measure to secure our client data.
4. Your IT Team is Your Friend
Establish an open line of communication with your company’s IT team. Invite IT to take part in conversations about employee data security so you can work together to protect employee information. If your organization doesn’t already have an internal incident response plan, work with IT and other essential departments to develop one so you’re ready to quickly and effectively handle any incidents of employee data loss.
5. Educate Your Employees
Remind employees about basic but worthwhile steps they can take to secure their PII. The IRS offers tips you can share with your employees for increased security. For example, it’s not a good idea to reuse passwords from site to site. If the password to your personal email is stolen, it’s easy for thieves to gain access to other sites. Consider posting tips on your company intranet or working with your company’s communications experts to develop an internal campaign to reinforce these messages.