Skip to main content

Protecting PII During New Hire Onboarding

Protecting PII During New Hire Onboarding

During the onboarding process of new employees, Human Resources is flooded with personally identifiable information (PII).  HR plays an important part in protecting employee and company data, and usually has a data security protocol in place while collecting this sensitive information, however typical email and faxing procedures aren’t secure enough to handle PII. With the increase in distributed teams and new remote working practices, personally identifiable information is vulnerable and at risk for falling into the wrong hands. Virtru can help to better protect this information while being collected, shared and transferred across HR and new employees. 

Why is PII At Risk During Onboarding?

When onboarding a new employee, companies require a lot of personal information, such as first and last name, social security number, a driver’s license, passport, even banking information. This information is commonly collected through email or fax, which are both prone to being mishandled. It’s important to ensure that emails and faxes are properly encrypted before PII is collected and stored. When emails aren’t encrypted if information is leaked, these emails can be read easily, sometimes in plain text, but if the proper encryption is in place, the keys to unlocking the emails are safe, making the emails unreadable and essentially useless. 

Emails pass through numerous networks or servers on the way to the recipient and PII could also be accidentally sent to the wrong person due to human error or an email glitch, proving unencrypted email is not secure for PII. If sending and receiving PII through email is necessary, email encryption must be used.

Having a secure way of sharing important information will not only protect the company from a breach in PII compliance, but will also reassure the new hire that the company is prepared for remote work, and has proper safety measures in place to handle their sensitive information. New employee PII is at risk during onboarding, but new employees are also the riskiest when it comes to making mistakes that could put company data at risk. During onboarding, new employees should receive education on security best practices and how to keep their own information and company data safe.

What Security Information Should New Hires Learn

During the onboarding process, emphasize security and teach new employees how data breaches happen, and current processes in place to safeguard against them. New employees can be a cyber security risk if not properly trained, so starting the onboarding process with the proper security information could reduce data risks. It is important that new employees understand the importance of encrypting emails, especially when sharing secure company information. By encrypting emails, they are in essence asking the receiver to verify their identity.  It’s important to ensure that outbound emails are being received by the intended people. New employees should be trained not to share company information with people they don’t know. Just like how one wouldn’t share social security information with a stranger, company sensitive information should not be shared with unknown people.  

Another way to reduce security risks is to frequently remind employees that attacks are getting more and more sophisticated, and that bad actors are constantly finding new ways to attack vulnerable technology systems.  It’s common  to have security training and quickly forget everything, which is why it is important to send frequent reminders of suspicious behaviors to employees to ensure they are staying up to date with the latest tricks. 

What are PII Best Practices

Like we discussed above, sending encrypted emails and faxes is one way to send PII safely. Another safe and secure way to send PII is using cloud file-sharing, like Dropbox or Google Drive. These cloud-file sharing programs, like Dropbox, do a great job of controlling how information, including PII, is used, viewed & downloaded.

Although cloud file-sharing is a good option, and a convenient way to securely transfer files, it does also have some security vulnerabilities which may call for an extra layer of protection. Encrypted file sharing is crucial to organizations, not only for collecting information, but also for sending information securely and conveniently. This protects privacy for new employees and makes sharing files easier. Although it’s easy to think of security as protecting the systems and devices that store and transfer sensitive information, using data-centric protection is more effective. This means that the actual files are secured, instead of just the cloud-file sharing program. This two-layer system of securing the data and the network, leaves less room for data to be breached.

Data-centric protection is a simple and hassle-free experience that integrates the Virtru Data Protection Platform directly with your existing applications. This is not only important to keep data safe, but it’s easy to use. The more simple the platform is, the more likely it is for current employees to get quickly accustomed to it, and the easier it will be to get new hires used to the process.

Using Virtru to protect new hire PII can make for a smooth onboarding process. Not only does this protect you from breaches that can be stressful, costly, and damaging to employees but this also sets the tone with your new employee that they’re in a secure environment which creates a trust between the company and the employee. Learn more about Virtru’s data-centric protection by downloading the Securing the Digital Workplace Guide.

Dive Deeper