
The Benefits of an Internal Security Strategy

Data Compliance Microsoft IT Services Business Business Continuity Cyber Insurance

Feb 25, 2025 9:28:21 AM | Emma Elkind | 2 min read

Aligning technology in your business helps you get the most out of your benefits and insurance plan. It also helps keep you HR compliant and protects your business, employees and clients from exposing personal information. When it comes to business security, access controls should be broken down by role. Employees should feel confident that their personal information, such as wages and the details of their plan, remains confidential. Employees should have access to their own benefits and insurance portal and be responsible for managing it. Too often we hear about the dreaded Excel password file on an admin computer. There is a better way!

Access Controls and Security of Sensitive Data

When it comes to your employee benefits plan, there is a lot of sensitive information that needs to be sent and documented.

  • Sensitive information
  • Health Questionnaires

There should be a designated contact who has access to encryption and to files that can only be accessed by that role, and there should be policies in place so that they can instruct employees to reset their own passwords. They should not be the password gatekeeper. Everyone in the business should be practicing least privilege. Even the CEO needs to get approval for anything outside of the business's Acceptable Use Policy.

Include a password policy for all employees stating that the same password cannot be used twice and that no work logins should be reused for social media or gaming. There is so much Personal Information (PII) stored on employee portals that it should be safeguarded. Most portals are hosted by a third-party insurance vendor, so using separate logins with MFA will keep information better protected. In the event that a third-party vendor your business uses is breached, alert your team to change their portal passwords right away and keep an eye out for suspicious activity.

 

What Should Be Encrypted When Sending Information Internally and Externally in a Business?

First off, what data needs to be encrypted? When a business sees the technical term PII, what does that mean? PII is Personally Identifiable Information; this includes passwords, logins, wages, etc. What are some things people send by email every day that are not best practice? One example is onboarding a new user by sending them their company login and password, instead of sending an onboarding email that lets them create their own login and password. The best way we can send sensitive information safely by email is with a one-time password: it only allows a user to open a link once, after which the link cannot be used again. We were recently at an event where we discussed when to use BCC in an email where you need to share information with a lot of users. That way, should a business email be intercepted, it would limit the amount of information a hacker can use.

There is software that can be added to encrypt emails, and you can also add a zero-trust approach to your email, where any new sender needs to be marked safe; this adds an extra layer on top of your Microsoft Defender filtering. DNS filtering can really benefit your business as well. If your team is doing research, it will filter out any business's website that does not use HTTPS (the S stands for Secure). This is really important to know when completing forms online. Check that your own website uses HTTPS so that you are not being blocked from any potential business.

Contact us today to talk about some ways to improve your Internal Strategy. Call 416-900-6047 ext 322 today. 

 

 

 

Emma Elkind

Cybersecurity Operations at Attitude IT
