<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

Protecting PII During New Hire Onboarding

During the new-employee onboarding process, Human Resources is flooded with personally identifiable information (PII). HR plays an essential role in protecting employee and company data, and these teams usually have a data security protocol in place while collecting this sensitive information. However, typical email and faxing procedures aren’t secure enough to handle PII.

With the rise of remote work and distributed teams, personally identifiable information is vulnerable and at risk for falling into the wrong hands if it's not protected. Virtru can help you better protect new employees' personal information at all times, whether it's being collected, stored, shared, or transferred between HR and new employees. 

 

Why is PII At Risk During Onboarding?

When onboarding a new employee, companies require a lot of personal information, such as first and last name, social security number, a driver’s license, passport, even banking information. This information is commonly collected through email or fax, which are both prone to being mishandled. It’s important to ensure that emails and faxes are properly encrypted before PII is collected and stored. When emails aren’t encrypted if information is leaked, these emails can be read easily, sometimes in plain text, but if the proper encryption is in place, the keys to unlocking the emails are safe, making the emails unreadable and essentially useless. 

Emails pass through numerous networks or servers on the way to the recipient, and PII could also be accidentally sent to the wrong person due to human error, proving unencrypted email is not secure for PII. If sending and receiving PII through email is necessary, you should be using email and file encryption to ensure that data remains secure at all times through its lifecycle.

In fact, PII is often exchanged far ahead of the onboarding process. Virtru customer Toto Holding Group uses Virtru's Data Protection Gateway to automatically encrypt inbound resumes and CVs, which often contain candidates' mailing addresses, phone numbers, and other PII.  

Another important facet of the onboarding process is that information sharing goes both ways: You are sharing company information and instructions with the employee, and the employee needs a way to securely share their private information with you. Encrypted file-sharing platforms like Secure Share give new employees a single place to go to submit that information, with the confidence that it's being handled securely. 

Having a secure way of sharing important information will not only protect the company from a breach, but will also reassure the new hire that the company is prepared for remote work, and has proper safety measures in place to handle their sensitive information. New employee PII is at risk during onboarding, but new employees are also the riskiest when it comes to making mistakes that could put company data at risk. During onboarding, new employees should receive education on security best practices and how to keep their own information and company data safe.

What Security Information Should New Hires Learn?

During the onboarding process, emphasize security and teach new employees how data breaches happen, and current processes in place to safeguard against them. New employees can be a cybersecurity risk if not properly trained, so starting the onboarding process with the proper security information could reduce data risks.

It is important that new employees understand the importance of encrypting emails, especially when sharing secure company information. By encrypting emails, they are in essence asking the receiver to verify their identity. It’s important to ensure that outbound emails are being received by the intended people. New employees should be trained not to share company information with people they don’t know. Just like how one wouldn’t share social security information with a stranger, company sensitive information should not be shared with unknown people.  

Another way to reduce security risks is to frequently remind employees that attacks are getting more and more sophisticated, and that bad actors are constantly finding new ways to attack vulnerable technology systems.  It’s common  to have security training and quickly forget everything, which is why it is important to send frequent reminders of suspicious behaviors to employees to ensure they are staying up to date with the latest tricks. 

What are PII Best Practices?

Like we discussed above, sending encrypted emails and faxes is one way to send PII safely. Another safe and secure way to send PII is using a secure, cloud-based file-sharing platform such as Secure Share, which encrypts files upon upload and gives the owner full control over their data, even after it's been shared. With Secure Share, employees can easily submit sensitive documents like proof of residency, identification, and financial information for direct deposit. 

Encrypted file sharing is crucial to organizations, not only for collecting information, but also for sending information securely and conveniently. This protects privacy for new employees and makes sharing files easier — starting the employee-employer relationship on the right foot. Although it’s easy to think of security as protecting the systems and devices that store and transfer sensitive information, using data-centric protection is more effective. This means that the actual files are secured, and that security extends across the life cycle of the data. 

A Rule of Thumb for Protecting PII: Make It Easy

Data-centric protection can be a simple and hassle-free experience when you incorporate it into your existing applications and workflows such as Google Workspace (including Gmail), Microsoft 365 Outlook, and apps like Workday that transmit sensitive data over email. The more simple your data protection methodology is, the more likely it is for your employees to actually use it, and the easier it will be to get new hires using the right processes for protecting data.

Using Virtru to protect new-hire PII within email and file-sharing applications can make for a smooth onboarding process. Not only does this protect you from breaches that can be stressful, costly, and damaging to employees but this also sets the tone with your new employee that they’re in a secure environment which creates a trust between the company and the employee.

We'd love to show you how Virtru can add an easy layer of security to your HR and onboarding workflows. Book a demo with our team to learn more.