Resources | Stratus HR®

When Data Breaches Happen: Ways to Protect Your Small Business

The data breach in September of 2017 at Equifax came on the heels of countless other data breaches at big and small businesses alike. But are data breaches an inevitable part of doing business?

No, not if your business ensures it’s taking the necessary steps to keep all sensitive data safe.

Actions Employers Should Take to Protect Employee Data

When a data breach hit HR outsourcing firm ADP in 2016 and compromised the personal data of employees from more than a dozen of ADP’s clients, we provided a list of actions businesses could take to keep their employees safe.

Change Passwords

Some of the tips are simple: changing passwords regularly and requiring complexity is something employees can do to help prevent access to their personal information.

Perform Security Audits

Also on the list was ensuring security audits were frequently performed by an outside resource.

Install Patches

We did, however, forget to include something from our list: install all patches ASAP, which may have been the cause of the Equifax breach. Why did we miss the suggestion? Because companies in the business services industry should already be taking care of this for their customers.

Encrypt Employee Data

At Stratus HR, we ensure all our clients’ employee data is encrypted. We take care of the updates and patches ourselves -- these are done on OUR end, meaning they are not dependent upon any client action.

Become SOC 1 Type 2 Certified

Stratus HR is also SSAE 16 SOC 1 Type 2 certified, meaning we have been audited by an independent firm to verify our systems and controls are secured. We have electively pursued the SSAE 16 third-party audit to ensure our client information is protected.

This thorough audit also identifies inefficiencies or areas for improvement, in the event something has been overlooked. (For more information about the SSAE 16 audit, please visit www.aicpa.org.) It’s just another step in ensuring security isn’t compromised.

Watch for Scams

There are, however, measures we ask our HR clients to take, too. Watch for scams. Create strong passwords. And call us whenever you have a concern.

No one ever wants to be the victim of identity theft. You can find more details about keeping employee data safe in the following articles.