How to protect your employees' personal information
Technology has changed so much that it has become rather easy for people to access other people's personal information: all they need to do is hack into the human resources computers and take a peek at what they are looking for. In fact, you hear about how often this occurs on the nightly news. But even if you are not hearing about personal information being stolen from a workplace, the information can still be accessed and compromised by accident, meaning employees accessed some files that they weren't supposed to. No matter what happens, you as a business manager are in charge of making sure that your employees' personal information remains safe and secure at all times.
Difficulty rating: Moderate to difficult
Make sure that you are aware of where critical employee information and corporate data are located and who in your company has access to them.
You also need to develop an acceptable use policy for all employees that outlines appropriate use of corporate assets and employee information. In this policy, make sure that you outline your company's procedures for if and when a violation takes place.
You are also going to want to consistently enforce the policies and procedures that you have outlined in your manual. This means that if a violation occurs, you follow what is written down rather than just letting it slide. This will let your employees know that you are serious about keeping personal information safe and that you mean what you say: you stand behind your policies and procedures.
Regularly review and revise your existing policies to ensure that all necessary policy changes and additions have been addressed. Keep them up to date, because as technology changes, so does where we store our personal information, and the wording of the policies needs to keep up with the newer technology.
Make sure that your company has an internal incident response plan. This means having a plan that you can follow and a team of employees who are trained to follow that plan in case something does happen. You also want to make sure that you have the appropriate resources in-house to handle an incident of employee information or corporate data loss, or any kind of access by unauthorized employees or outsiders.
If something does happen and the employees' personal information is breached, there are some things that you are not going to want to do, because doing them can destroy potential evidence. Here are the ten common things that you should avoid so you don't compromise the investigation.
- Booting up the computer
- Turning off a relevant computer
- Browsing through the files on the suspect computer
- Failing to use a computer forensics expert
- Failure to involve all parties
- Failure to learn the lingo
- Forgetting or not making a forensics image of the computer or computers involved
- Copying data in "cut and paste" or "drag and drop" methods
- Waiting to preserve the evidence
- Failing to maintain a proper chain of custody at the time of collection