Security in HR... How secure are your files, really?

Post on 14-Apr-2017


SECURITY IN HR

How secure are your files… really?

Welcome! Please feel free to grab lunch at the back of the room and we’ll get started shortly!

DAVID SECUNDA, WorkBright CEO

Digital onboarding solutions for seasonal and rapidly hiring businesses

What We’ll Cover

• Headlines
• The Scale
• HR Targeted
• How
• Best Practices
• Tips & Tricks

“It’s been a rough year for data security.”

Including headline losses from HR

Plus the SMBs we don’t hear about…

Breaches are happening across ALL industries

Naperville = 144,864

Wrigley Field (41,072) + Soldier Field (61,500) + US Cellular (40,015) + Ryan Field Northwestern (47,130) = 189,717

And the AVERAGE data loss is ENORMOUS

189,853 records lost per breach

“HR people are the worst.

I mean, their job is to open up

and files all day.”

The HR Profile is Identity Theft GOLD

Identity Theft
▫ Apply for Credit
▫ Get ID
▫ Tax Refunds
▫ Medical Treatment

The HR Profile is Identity Theft GOLD

• Name
• Nicknames, maiden names
• Other Names
• Current and past addresses
• Social Security Number
• Phone number
• Birthdate
• Email address
• Medical (Health) history
• Routing & checking acct #s
• Salary information
• Driver’s license
• Licenses & certifications
• College transcripts
• Background check results
• Fingerprints
• Immunization records
• Bios and Photos
• Passport & social security card images

AWARENESS REDUCES EXPOSURE

Awareness starts with UNDERSTANDING

Let’s talk about how this happens.

How data is compromised…

“the most common scenario appears to be the one in which a single employee gains access to the hard, paper version”

Half Analog
◦ Photocopier
◦ Recycling
◦ Conversation
◦ Files

Half Digital
◦ Wrong Email
◦ Wrong Fax
◦ Email Compromised
◦ Sharing Folders
◦ Hiding Columns

62%

How data is compromised…

Crimeware
◦ Phone Phishing
◦ Email Phishing
◦ Website Forgery
◦ Malware > Link Manipulation
◦ Evil twin wireless

Best Practices

Where do you store old HR files?

Best Practice: Minimize Access!

Start with NO access policy

Then ask yourself:

• Do I need immediate access to this?
• Do I need to hold on to this forever?
• Do I really need to share this with…?

Best Practices

What’s wrong with this picture?

Best Practice: Slow Down!

Ask yourself:

• Is this email request logical?

• Is the URL correct?

• Does the login look different?

Best Practices

What do you do if you get this email?

Best Practice: Train Your Team!

• Missing Phone or Thumb Drive
• Requesting & Transmitting Sensitive Data
• Typical Scams
• Tracking Access
• Basic Security (lock your door)

Best Practices

What do you collect and why?

Best Practice: Audit yourself!

Internal Onboarding Audit:

• Legacy application questions

• Changing regulations

• Old requirements no longer necessary

Tips & Tricks

PASSWORDS

Good: Use Password PHRASES

Best: Use Password MANAGERS

2 FACTOR AUTHENTICATION

Use 2-factor Authentication

Use Google Authentication

HARDWARE SECURITY

Lock it down!

Turn on remote kill switch

ENCRYPTION

Turn it on!

SENSITIVE INFO

• Don’t request via email
• PW Protect
• Permanently Delete

SECURE SYSTEMS

• Audit Trail
• Access Control
• Granular User Permissions

If you only do 1 thing…

SET THE TONE AT THE TOP

Questions?

Ready to get secure with WorkBright?

Special Lunch & Learn Offer – First month FREE!

Schedule a demo today or by email at info@workbright.com