Income Verification

Employers, Protect Your Employees from Security Data Breaches Before It’s Too Late


Emptech's founder, Jeff Aleixo


Jeffrey Aleixo

protect employees from security breaches

Have you recently checked how your employees feel about the safety of their personal, very sensitive data (or should we say – Personally Identifiable Information) that are stored across your HR administration and Payroll systems?

If not, here is a friendly advice: it is about time.

The major security data breach in 2017 will be long remembered, for it has affected 44% of the US citizens, compromising 145 million social security numbers, over 200,000 credit cards, driver’s license numbers and other personal information. As a result, employees nationwide are furious.

The Infamous Security Data Breach

After Equifax announced the data breach back in September 2017, the Internet exploded with search queries on how to protect yourself from the data breach and its consequences. This question is still trending on Google, and no one is going to forget about it soon.

equifax breach trending

People are enraged. For months they have been unable to find a way to cancel the company’s services, yet – the threats of data abuse are still imposed upon them.

US citizens confronted serious consequences of this data breach, such as being a victim of identity theft 15 times in less than three months. They have been desperately calling support and requesting that their files be deleted — in vain.

Why Are They Worried to that Extent?

The stolen PII is sold on the dark web that is not easily accessible to vast majority of web users, nor user-friendly. The price of a Social Security Number is as low as $1. “Family packages” go around $10 per a “bundle of SSNs”. These are extremely popular because they allow tax fraud. If this isn’t terrifying enough, here is more. Hackers can often access PII long before a data breach has been exposed to the public. Equifax, for example, announced the data breach to the general public on September 7th, while the first unauthorized access occurred July 29th.

Can It Get Any Worse?

Yes, it can. The company knew the outdated Java framework called Struts was vulnerable to security standards. Patches to remedy the vulnerabilities were available months before the data breach but were not put into place.

Make sure security issues never waste your company’s valuable time and resources and provide your employees with guaranteed security.

How Furious Are Employees?

They are fuming and they have every right to be. The company has refused to delete their files, even though their disregards for security put them in harm’s way. Now, those affected are addressing the media. Not only are employees restricted from deciding who has the right to access their PII — they were also informed that trying to prevent data inputs will result in serious consequences. NY Times’ journalist, Rob Lieber, writes about employees’ endeavors and the emails he has received since Equifax revealed the data breach:

“Peter Herman, a self-described recovering attorney in Charleston, S.C., had a typical experience: a long wait, a number of prompts, a disconnection and a firm “no” on deleting his file. Then came an odd warning from the live human being he did reach. Any attempt to get his lenders to stop sending payment information to Equifax, Mr. Herman said he had been told, might result in his credit score being ruined because his payments would be marked late.”

How Employees Really Feel

Beyond rage, employees feel let down, powerless, and afraid. They do not want to be seen as a mere number in a system, but as a valued employee with the right to data security. Employees worry about their safety day in day out, desperately seeking a resolution to this injustice.

You, as an employer, have the power to give your employees a sense of protection from a data breach, by advocating for their digital security.

To test the idea of an individual employee trying to resolve this issue through their own company rather than through direct source of data breach, Ron Lieber of NY Times, asked his employer — the NY Times — “to cancel its contract with Equifax for a service called WorkNumber, which provides employment verification and other details like work history and salary.” After considering the idea, his employer decided to accept his request.

This Affects Your Company, Too

Your employees may be thinking and feeling the same. They may be scared to bring up their feelings due to negative consequences they could face afterwards. They are under a lot of stress, and now more than ever they need to be reassured their company cares about employee security.

If your employees feel that their safety and security is not put first, they will perform less productively or work less efficiently in teams. However, with a vendor focused on your employees’ data security, employees can focus on their job at hand.

Outsource verification of income and employment and ensure maximum data security while giving your employees the ability to verify and release their data only with their permission.

What Can You Do?

Here are some steps you can take to ensure your employees feel safe and protected from a data breach: 

Communicate with Your Employees

Proper, honest, and direct communication is the best way to avoid a problematic situation. No matter how busy you are, find time to meet with your employees and openly discuss the current state and possible solutions. Do your best to understand their points of view, and take their requests into consideration.

Conduct a Survey

If bringing the entire company around the table is next to impossible, and you cannot manage to organize team meetings, invest some time into creating a survey. Send all your employees a personal email to let them know you are on their side, reassure them that you have their best interest in mind, and ask them to fill out the survey to help you understand their needs.

Explain How Your Security Systems Work

Comfort words are nice, but they do not solve any problems. After the exposure, employees need proofs that their information is truly protected in order to finally feel relieved.

Make an effort to explain to your employees how your security systems work in a nutshell, let them know who, and under which circumstances, can access their data, and if they are notified upon such an event.

Look at the Issue from an Employee’s Perspective

Nobody is immune to a data breach, whether you are a summer intern or the CEO. Your personal data is all stored in the same place, and lack of security means you are just as susceptible to a data breach. As a decision maker, you can choose a vendor who takes security seriously.

Listen to Your Employees and Find a Solution Everyone Will Benefit from

Employers can spare themselves the headache of inadvertently exposing their company’s employees to identity theft and financial losses with Verifyfast. A 100% free of charge VOIE solution eliminates unwanted entities from obtaining employee information. Verifyfast is not a data reseller, but a direct furnisher of data focused on employee experience and security.

This provides you with access to a team of experienced professionals that act as your outsourced VOIE department, dedicated to disseminating only the approved data to the approved verifiers.

You can ease your employees’ minds – the verification of income and employment can happen only after the employee has given permission for the verification. Both you and your employees can review who requested a verification, the type of verification requested, and the time and date of the verification. A verifier must go through several layers of security to ensure they were given permission by the employee to receive the verification.

All your data and applications rest in a closed, secure network with up-to-the-minute intrusion detection using current threat models. This closed environment is audited annually to SOC 1 and SOC 2 standards. All data is encrypted in transit and at rest.

Verifyfast runs constant scans against the most recent database of threats on both the network and applications. Any framework vulnerabilities are exposed and addressed immediately. The application model is simple: it does not introduce outside frameworks, reducing our footprint of potential vulnerabilities.

Integrate electronic VOIE system and experience benefits of the latest technology with the highest level of data security and privacy in the marketplace.
The information contained within this document is general in nature and is not intended and should not be construed as legal, HR, or opinion by Emtpech. Please contact Emptech or another subject matter professional prior to acting on any information provided in this document. We recommend caution when contemplating acting on any information provided in this document as it may not be applicable or suitable for the specific viewer’s needs. Emptech assumes no obligation to update any viewer of any changes in law, rule, or regulation that could affect the information contained herein. Without express written permission from Emptech, no part of this document may be reproduced, retransmitted, or otherwise redistributed in any form or by any means, including, but not limited to photocopying, electronic, facsimile transmission, or using any other information storage and retrieval system.