Your human resources department plays a vital role in how your company gets things done. It makes sure you are staffed properly, that benefits are administered and many other important obligations are met in a timely manner.
Everyone knows the pitfalls of the HR department. If they recruit a bad player, it can hurt morale, but it won’t necessarily sink the ship. There is, however, an HR-related obligation that, if left unmet, can take a company out in a keystroke. It’s in the news every day. That obligation is security.
If the Heartbleed fiasco taught us anything, it’s that there are myriad ways your company can be affected by security issues. Your HR department is vulnerable, too, and the most dangerous fallout comes increasingly from tax-related identity theft. Last year the, IRS issued more than $4 billion in misdirected tax refunds to fraudsters. On average, a victim has to wait more than six months to receive money stolen from them in this way, and they have to jump through a number of hoops to get it. The IRS has responded by making its filters more sophisticated and hiring more than 3,000 caseworkers, but the problem persists and is, in fact, growing to the consternation of government, law enforcement and taxpayers.
Brian Krebs reported on a new scam recently in which cyber thieves had stolen W-2s and other employee personal information from a cloud server provided by Ultimate Software’s UltiPro. In addition to providing a place where HR professionals can store employee information and other vital HR files, the cloud also provides an irresistible opportunity for cyber criminals. According to Krebs, the crime ring created created crimeware that was even available for licensing to other criminals. It allowed the fraudsters to track tax returns filed fraudulently on behalf of almost every employee with a W-2 on file with the affected companies. Ultimate Software says the incidents appear to be on the end-user side through individual employee computers that are infected with malware.
It used to be that a company’s intellectual property and trade secrets—from search engine algorithms to the secret sauce—were the most important assets to protect. That’s still the case, but increasingly employee information is just as valuable. Fail to protect it, and your company could be exposed to significant penalties and fines, as well as a wave of enterprise-killing lawsuits.
The FTC has created Identity Theft Prevention tools for the workplace. Here are some best practices that will help:
We live in an age where the third certainty in life is that you will have to deal with a data breach. I’ve written elsewhere about preparing for that. At close of the day, you want the “R” in HR to stand for “resource” and not “radioactivity.” By developing strict data security standards and properly training your HR personnel (continuously) to respect and utilize best practices, you can help your HR department to keep things running on time.
[Editor’s note: If you’re concerned that the security practices in your workplace HR office has left your personal information vulnerable, there are ways to monitor for fraud that may have occurred in your name as a result. By checking your credit reports regularly, and by monitoring your credit scores for unexpected drops (which you can do for free on Credit.com), you may discover signs that your identity has been stolen.]