Have you recently checked how your employees feel about safety of their personal, very sensitive data (or should we say – Personally Identifiable Information) that are stored across your HR administration and Payroll systems?
If not, here’s friendly advice: it is about time.
The major security breach in 2017 will be long remembered, for it has affected 44% of the US citizens, compromising 145 million (!) social security numbers, over 200,000 credit cards, driver’s license numbers and other personal information.
Here’s what’s really going on: employees nationwide are FURIOUS.
The Infamous Security Breach
After Equifax announced the data breach back in September 2017, the Internet exploded with search queries on how to protect yourself from the breach and its consequences. This question is still trending on Google, and no one is going to forget about this soon.
People are enraged. For months they have been unable to find a way to cancel the company’s services, yet – the threats of data abuse are still imposed upon them.
US citizens confronted serious consequences, such as being a victim of identity theft 15 times in less than three months! They have been desperately calling support and requesting that their files be deleted — in vain.
Why are they worried to that extent?
Because the stolen PII is sold on the dark web that is not easily accessible to vast majority of web users, nor user-friendly. The price of a Social Security Number is as low as $1. “Family packages” go around $10 per a “bundle of SSNs”. These are extremely popular because they allow tax fraud.
Terrifying enough yet?
Here’s more: hackers can often access PII long before a breach has been exposed to the public. Equifax, for example, announced the breach to the general public on September 7th, while the first unauthorized access occurred July 29th.
Can it get any worse?
Yes, it can. The company knew the outdated Java framework called Struts was vulnerable to security standards. Patches to remedy the vulnerabilities were available months before the breach but were not put into place.
How Furious Are Employees?
They are fuming — and they have every right to be. The company has refused to delete their files, even though their disregards for security put them in harm’s way. Now, those affected are addressing the media. Not only are employees restricted from deciding who has the right to access their PII — they were also informed that trying to prevent data inputs will result in serious consequences. NY Times’ journalist, Rob Lieber, writes about employees’ endeavors and the emails he has received since Equifax revealed the breach:
“Peter Herman, a self-described recovering attorney in Charleston, S.C., had a typical experience: a long wait, a number of prompts, a disconnection and a firm “no” on deleting his file. Then came an odd warning from the live human being he did reach. Any attempt to get his lenders to stop sending payment information to Equifax, Mr. Herman said he had been told, might result in his credit score being ruined because his payments would be marked late.”
How Employees Really Feel
Beyond rage, employees feel let down, powerless, and afraid. They do not want to be seen as a mere number in a system, but as a valued employee with the right to data security. Employees worry about their safety day in day out, desperately seeking a resolution to this injustice.
You, as an employer, have the power to give your employees a sense of protection, by advocating for their digital security.
To test the idea of an individual employee trying to resolve this issue through their own company rather than through direct source of breach, Ron Lieber of NY Times, asked his employer — the NY Times — “to cancel its contract with Equifax for a service called Work Number, which provides employment verification and other details like work history and salary.”* After considering the idea, his employer decided to accept his request.
*To get the broader image of that event, and what it means for millions of unhappy employees around the country, read Roy’s full article here.
This Affects Your Company, Too
Your employees may be thinking and feeling the same. They may be scared to bring up their feelings due to negative consequences they could face afterwards. Your employees are under a lot of stress, and now more than ever they need to be reassured their company cares about employee security.
If your employees feel that their safety and security is not put first, they will perform less productively or work less efficiently in teams. Ensure your employees feel safe and protected. Find a vendor focused on your employees’ data security, so they can focus on their job at hand.
What Can You Do?
Communicate with Your Employees
Proper, honest, and direct communication is the best way to avoid a problematic situation. No matter how busy you are, find time to meet with your employees and openly discuss the current state and possible solutions. Do your best to understand their points of view, and take their requests into consideration.
Conduct A Survey
If bringing the entire company around the table is next to impossible, and you can’t manage to organize team meetings, invest some time into creating a survey. Send all your employees a personal email to let them know you are on their side, reassure them that you have their best interest in mind, and ask them to fill out the survey to help you understand their needs.
Explain How Your Security Systems Work
Comfort words are nice, but they don’t solve any problems. After the exposure, employees need proofs that their information is truly protected in order to finally feel relieved.
Make an effort to explain to your employees how your security systems work in a nutshell, let them know who, and under which circumstances, can access their data, and if they are notified upon such an event.
Look at The Issue from An Employee’s Perspective
Nobody is immune to a breach, whether you are a summer intern or the CEO. Your personal data is all stored in the same place, and lack of security means you are just as susceptible to a data breach. As a decision maker, you can choose a vendor who takes security seriously.
Listen to Your Employees
…and find a solution everyone will benefit from.
Let us spare you the headache of inadvertently exposing your company’s employees to identity theft and financial losses.
Meet Verifyfast: a 100% FREE of charge A VOIE solution that eliminates unwanted entities from obtaining employee information.
You will gain access to a team of experienced professionals that act as your outsourced VOIE department, dedicated to disseminating only the approved data to the approved verifiers.
Verifyfast is not a data reseller, but a direct furnisher of data focused on employee experience and security.
Ease your employees’ minds: the verification of income and employment can happen only after the employee has given permission for the verification. Both you and your employees can review who requested a verification, the type of verification requested, and the time and date of the verification. A verifier must go through several layers of security to ensure they were given permission by the employee to receive the verification.
All your data and applications rest in a closed, secure network with up-to-the-minute intrusion detection using current threat models. This closed environment is audited annually to SOC 1 and SOC 2 standards. All data is encrypted in transit and at rest.
Verifyfast runs constant scans against the most recent database of threats on both network and applications. Any framework vulnerabilities are exposed and addressed immediately. The application model is simple: it does not introduce outside frameworks, reducing our footprint of potential vulnerabilities.