Blog Articles

Guide: HR Data Protection During COVID-19

A comprehensive guide on data protection measures and questions HR Pros should be asking during COVID-19.

April 24th, 2020


HR Security in the Age of Coronavirus

With the recent COVID-19 pandemic, HR pros are rushing to help businesses adjust to remote work environments, new regulations, and social distancing practices. Amidst these changes, working from home has opened doors to a variety of unforeseen cybersecurity risks, including:

  • Wi-Fi Related Security Incidents

  • Browser-Based Attacks

  • Password Attacks

  • Phishing Attacks

...and many others! Cyber criminals are increasing efforts to lure internet users to click on malicious links or files and often stealing sensitive business data.

Human resources data is no exception to this recent influx of cyber-attacks -- highly confidential employee and business information are especially valuable to hackers and it has become far more important to ensure that you are taking the appropriate measures to protect your data.

While these developments have increased cybersecurity risks, HR software like GoCo takes effective measures to prevent the worst from happening to your confidential employee information. We’ve created an HR data protection guide so that you can stay ahead of the curve!

Coronavirus HR Data Protection: Questions to Ask

Does My HR Software Run on Modern Technology?

Ensure that your software runs on a modern infrastructure for cloud-based applications -- this will help protect you and your employees from the expanded surface for threats. GoCo runs on Heroku, which is a tried-and-true cloud platform that helps keep confidential information safe.

Does My Platform Secure Data with Two-Factor Authentication?

Provide employees and management additional security with an HR system that supports Two-Factor Authentication. Maintain account security by requiring all users to enter 6 digit codes along with their password at log-in.

Is My System SOC 2 Certified?

Type 1 & 2 SOC 2 Certifications are third-party auditing procedures used by Modern HR systems like GoCo to ensure your service providers securely manage HR data and protect the privacy of your company. Whereas the Type 1 certification is evaluated at a specific point in time, SOC 2 Type 2 certification requires a 6 month audit completed by the third-party. Type 1 & 2 SOC 2 certifications reduce cybercrime by striving for maximum security, integrity, availability, confidentiality, and data privacy.

Does My HR Technology Utilize Certified Data Centers?

Make sure your human resources software utilizes certified data centers with operations accredited under certifications like ISO 27001 and FISMA. GoCo’s Heroku technology uses AWS data center operations, which are housed in nondescript facilities and offer military grade perimeter control berms. Heroku undergoes vulnerability tests and code reviews to stay compliant with the most stringent security measures.

Does My HR System Protect PHI in Accordance with HIPAA?

Ensure that your HRIS system protects personally identifiable information relating to health care/payments (in accordance with HIPAA) to avoid unnecessary disclosure of information during benefits and process enrollment.

Does My Software Verify Data Ownership?

Your HR platform may require access to your company’s insurance, payroll, and additional information. Confirm data ownership and verify that your software will permanently delete all of your company data upon written request.

Is My Company Information Logged?

Your employee and company information should always be logged to help with troubleshooting efforts. GoCo’s HR data protection software provides easy access to audit trails for maximum security. Failure to log company information makes investigating issues far more difficult.

Is Access Limited for Nonpublic Personal Information?

Verify that access to nonpublic personal info is limited to employees with business reasons to acquire it. HR platforms like GoCo implement strict security practices to protect the confidentiality of each and every employee while also prohibiting disclosure that is unlawful.

HR professionals have a duty to protect employee and company information, and COVID-19 has made this obligation more challenging. With GoCo’s commitment to accuracy, trust, and security, we hope to help HR managers and business owners prevent HR data breaches and minimize benefits and payroll mistakes in the process. Learn more about how we can help here.

The GoCo team is working hard to support HR pros through COVID-19. Visit our COVID-19 Resource Center for more tools and tips 💚