Although many companies focus on keeping customer data safe, cyber criminals also target employee information.
The U.S. Chamber of Commerce shares the following steps small-business owners should take to ensure employee information is stored securely.
- Comply with local and federal regulations. State and federal rules govern employee privacy and recordkeeping, addressing which records must be kept, for how long, and how they must be retained. For example, the Americans with Disabilities Act requires businesses to restrict access to employee medical records and keep them separate from employee personnel files.
- Only gather information that is necessary. Keep only the employee information you need for hiring and payroll. For example, you likely do not need an employee’s Social Security number unless you are performing a hiring background check; in fact, some states prohibit collecting and storing employees’ Social Security numbers. If you must collect personal information, you can anonymize it by, for example, assigning an employee identification number to each employee.
- Develop a workplace records policy. This policy should determine a retention schedule for how long you will keep certain pieces of information on file; which employees can access certain types of files and review them; how employee records will be stored and saved; how records will be disposed of once retention requirements have been met; and how you will regularly review and update your records policy and security measures.
- Implement robust security tools. Some key tools include firewalls, multifactor authentication, automated threat detection, data encryption, and antivirus and anti-malware software. Employees should use password managers and be trained regarding risks. You also should restrict employee information to only those who need it and require access authorization for individual applications.
NRCA has partnered with Acrisure, Grand Rapids, Mich., to offer NRCA’s Cyber Liability Insurance Program.