The Do’s and Don’ts of Keeping Confidential Employee Data Secure

Posted on Aug 31, 2011

This guest post is from David Eisner, President and CEO of Dataprise, a full-service network support, help desk outsourcing and IT support provider. David asked whether he could write a guest post, and I noticed that Dataprise provides security-related consulting services. As an HR IT professional I am always concerned with keeping employee data secure, so I am happy to bring you some tips from David on securing employee data.

Whether your business has 10 employees or 100 employees, one thing remains the same: your employees have a right for their confidential information to remain confidential. But what is the best way to ensure that your company is taking the steps necessary to effectively protect that information? Let’s take a look at some of the most important do’s and don’ts when it comes to securing confidential employee information on your business’ network and workstations.

DO: Create a written policy for handling confidential employee information

Don’t assume that everyone agrees on what exactly constitutes “confidential” information—ensure that there is no question about what information is deemed confidential and what information is not. Draft a written policy that specifically defines what information is considered confidential, and that outlines who, how, when, and why authorized employees may access the information. Then, go one step further by asking employees to sign off on the policy, verifying that they understand it and agree to follow it.

DON’T: Assume that your main security threat is external

With news stories of hackers stealing confidential information for their own malevolent uses, it may be tempting to think that the main threat to your confidential employee information is from outside your organization. But research shows that employees and contractors within the organization are more likely to be the culprit in an information breach. Take steps to secure your network from hackers and other outsiders, but don’t do so at the expense of employing appropriate security measures inside your office.

DO: Employ physical and virtual locking mechanisms

When it comes to protecting confidential information, your first step is to discourage crimes of opportunity—and the best way to do that is to simply lock the data away. A locked door to the Human Resources office or a locked computer workstation is likely enough of a hindrance to keep a curious (or even potentially vengeful) employee or contractor from accessing confidential information. Ensure that any employees who have access to confidential information understand the importance of locking their workstations any time they are not directly in front of them, and mandate that they follow best practices by regularly changing their password.

DON’T: Overlook other threats to information security

Keeping confidential employee information in a secure server location is one of the first steps in ensuring that confidential information remains confidential, but don’t overlook potential security loopholes. Ensure that network information cannot be downloaded to a local machine or a temporary drive. Also, make certain that your network backups that contain the confidential information are as secure as your network itself.

By combining network security best practices with common sense measures, and staying up to date with evolving security protocols, you’ll be taking the steps necessary to protect your employees’ confidential information—and to protect their trust in you.

David Eisner is the President and CEO of Dataprise, a full-service network support, help desk outsourcing and IT support provider.

Great information from David. Here are my recommendations for some of the items that David mentioned. For securing your network internally, you should have an industrial-strength corporate firewall. All internal web applications that store or transmit confidential data should be SSL-enabled. To prevent confidential employee information from being copied to a USB device or a CD/DVD drive, look at configuring the desktop operating system's security settings to block the use of removable drives.
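Two of the controls above (locking unattended workstations, and preventing confidential data from being copied to USB or other removable drives) can be enforced on Windows desktops through Group Policy. The script below is an added example, not code from the original post or from Dataprise. It writes the registry values that the two corresponding policy settings use ("Interactive logon: Machine inactivity limit" under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, and "All Removable Storage classes: Deny all access" under Computer Configuration > Administrative Templates > System > Removable Storage Access) and then reads them back as a compliance check. The function names, the 900-second timeout and the `$checks` table layout are this example's own choices, not anything from the page.

```powershell
# Added example (not from the original post or from Dataprise).
# Requires an elevated PowerShell session on the HR workstation.

# Registry locations written by the two Group Policy settings named in the lead-in.
$SystemPolicyKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$RemovablePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Set-DwordPolicy {
    # Create the policy key if it is missing and set a DWORD value under it.
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][int]$Value
    )
    if (-not (Test-Path -Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

function Get-DwordPolicy {
    # Return the DWORD value, or $null when the key or value does not exist.
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name
    )
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

# 1. Lock the interactive session after 15 minutes (900 s) without input,
#    so a workstation left unattended does not stay open to passers-by.
Set-DwordPolicy -Key $SystemPolicyKey -Name 'InactivityTimeoutSecs' -Value 900

# 2. Deny read, write and execute access to every removable storage class,
#    which blocks copying employee records to USB sticks and similar media.
Set-DwordPolicy -Key $RemovablePolicyKey -Name 'Deny_All' -Value 1

# Audit: report whether each control is in the expected state. The same
# read-back logic can be run on its own as a periodic compliance check.
$checks = @(
    [pscustomobject]@{
        Control  = 'InactivityTimeoutSecs'
        Expected = 900
        Actual   = Get-DwordPolicy -Key $SystemPolicyKey -Name 'InactivityTimeoutSecs'
    }
    [pscustomobject]@{
        Control  = 'Deny_All'
        Expected = 1
        Actual   = Get-DwordPolicy -Key $RemovablePolicyKey -Name 'Deny_All'
    }
)
$checks |
    ForEach-Object {
        $_ | Add-Member -NotePropertyName Compliant -NotePropertyValue ($_.Actual -eq $_.Expected) -PassThru
    } |
    Format-Table -AutoSize
```

Two caveats a practitioner will want: the inactivity limit takes effect at the next logon and the removable storage denial is applied at policy refresh or reboot, so run `gpupdate /force` or restart before trusting the audit; and on a domain-joined machine, local registry edits like these can be overwritten by the domain's Group Policy, so the durable approach is to set the same two policies in a GPO linked to the HR workstations' OU and keep this script as the verification step.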

Alex @ Kapta Systems, June 22, 2012

I see more and more organizations moving towards cloud computing in order to keep confidential records safe from prying eyes. The days of having rows of file cabinets inside the office full of employee paperwork are slowly coming to an end.

mikekrupa, July 1, 2012 (in reply to Alex @ Kapta Systems)

Interesting observation. It makes sense that companies would take advantage of cloud offerings to eliminate cabinets of paperwork, but in general my observation is that companies still do not have adequate processes in place to keep from downloading and handling sensitive information, even if the information is digital instead of paper.