Cyber-attacks and data breaches have emerged as threats to the everyday lives of American consumers and the daily operations of businesses. According to the Identity Theft Resource Center, 2016 saw an all-time high in data breaches, with 1,093 such incidents reported. As for 2017, it isn't looking much better: The ITRC breach report for this year, most recently updated Oct. 3, noted 1,056 total breaches of organizations to date, leading to the exposure of 171,071,424 records and documents.
"Employers must protect their workers' records, including work authorization documents full of sensitive personal info."
When hacking efforts or breaches compromise a business's databases, the staff's records and all of the data they contain are every bit as vulnerable as customers' financial information. Employment records held by HR departments, which include Form I-9 and related work authorization documents, are ripe for exploitation due to the sensitive info they contain - Social Security numbers, banking information, photocopies of state and federal identification, and so on. Because of this, it behooves employers to not only to implement proven cyber-security solutions and best practices throughout all of their digital infrastructure, but also to use software with thorough encryption measures for I-9 and E-Verify processes.
Minimize use of SSNs
Several state and federal laws require the collection of SSNs in certain employee documents: for tax reporting and withholding, background checks, work authorization, new-hire reporting and enrollment in company health insurance and benefits plans. However, beyond these mandatory purposes, the Society for Human Resource Management recommended employers use SSNs as little as possible.
SHRM created a sample SSN-use policy outlining that this data point shouldn't be in employee identification records or materials aside from those noted above. Employee contracts and agreement documents, timecards, passwords and company account records all fall under the umbrella of the organization's recommended SSN exclusions. Also, it's best to restrict access to documents containing SSNs to those with legitimate reasons to examine them.
Choose the right countermeasures
You've certainly heard of network firewalls, and may even have one up already. However, according to Small Business Trends, it's much wiser to run at least two firewalls simultaneously - one for data passing through the website and another strictly for internal records.
Additionally, if your website doesn't already feature Secure Sockets Layer protection, upgrading to it immediately is a wise choice. Small Business Trends noted that SSL certificates are widely viewed as the "gold standard" for webpage security.
The strength of end-to-end encryption
Some cyber-security measures will be more effective for small businesses than others, according to TLNT. End-to-end encryption stands out among these and can perfectly suit the needs of an enterprise looking to protect employee verification information and other highly sensitive personal data.
The operating principle behind this method involves clever deployment of data. Files safeguarded with end-to-end encryption aren't ever decoded on a company's servers or within its cloud network, but only become viewable when downloaded to an employee's laptop or mobile device. An intruding individual with malicious intent - known as a "black-hat" hacker - could in theory hack an individual device, but doing so will be extremely difficult if your HR staffers have laptops, tablets and smartphones with high-end anti-virus protection that's equipped to spot phishing email scams.
I-9 Advantage's Security Provisions
I-9 Advantage fully understands the importance of cyber-security. From the dual-firewall protection surrounding our network - supplemented by anti-virus solutions and intrusion prevention measures - to the high-grade 2048-bit SSL encryption. We ensure that partnering with us for your work authorization compliance needs never constitutes a risk to your information's safety.
Our network infrastructure provides the highest level of network protection. We’ve implemented best-in-class technologies including dual, separate firewall technology
providers, intrusion detection and prevention technologies, and multiple anti-virus providers. We ensure protection by consistently assessing the security of our network, and testing the possibility of data breaches, cyber-attacks, and gaps in security.
Security of information is also protected with data loss prevention measures, using a three-tiered approach to data center failover. Our N+1 component design allows us to have redundancy, with everything from CPU to backup generators. Should a local or regional disaster occur, we have multiple geographically diverse data centers to fail-over to.
Learn more about I-9 Advantage’s security standards here.