Your two most important assets are your people and your data. As your employees run detailed reports that contain confidential HR information, and these move along the workflow across the business—from person to person, between departments, internal and external—it’s hard to be certain that your employee data is protected. Sure, you want to maintain a transparent process, but you also know you need to protect your greatest assets.
Are you confident that no one other than those authorized to view a specific report has seen that data? As compensation details, other payroll expenses and more sensitive employee-related data are passed along—often back and forth—do you know exactly who has access to what data?
With governmental personal information protection laws (GDPR, PIPEDA, CCPA, etc.) and the increasing importance of safeguarding your information against hackers, you need to ensure your employee data is private and secure. It’s especially important if you’re a high-visibility company that's subject to a greater risk of a data breach.
In the spirit of “Safer Internet Day”—a global celebration on February 8 that joins stakeholders to make the internet safer for everyone—we’re focusing on better (and safer) employee data protection protocols for organizations and their people. Today, we’ll cover three signs that could indicate that your company needs better employee data protection when running reports.
1. Version Control Frustrations
One team is spending time—a lot of extra time—manually consolidating data before you can run your reports. Because everyone worked off slightly different numbers that came from disparate data sources, a few employees now have to scour through every edit between v1 and v6 to assemble those edits, scan the changes and find the employees who entered that data to ask about their entries. That’s more auditing time—and people power—scanning through and passing around sensitive employee information during account reconciliations and financial consolidation.
If your best method is reviewing ‘Last Accessed’ or ‘Last Edited’ details when auditing, it’s difficult to retain confidence in knowing who worked off which version, what changes were made or with whom that data was shared. You need an audit trail—a drill down into the history of a spreadsheet for every cell and data point—and templates that you can leverage across multiple profit centers, rather than one template for every department. Without audit trails and data integration, you risk violating key foundational security controls.
Watch the video to hear J.T. Cecchini, General Manager at LevelUp Financial Partners, talk about using Vena for data restrictions and the risk of emailing company salary information.
To watch the full episode of The Financial Reporting Meetup, featuring J.T., become a Plan To Grow member and join the community.
2. User Access Level Uncertainty
You’ve been given a report and have questions about something you’ve discovered. The person you asked doesn’t have an answer and is taking a while to get the information you need. If they’re unsure of who to ask, it’s likely your employees don’t know who has access to what information and who’s completed what tasks—whether inside or outside your organization.
This is an indication your company isn’t following these foundational internal control guidelines:
- Principle of Least Privilege: Employees should only have access to what they need to complete their tasks.
- Segregation of Duties: The assignment of tasks—within a process that involves shared responsibilities and multiple people and departments—to minimize fraud or error.
If your employees don’t know who to consult when they notice inaccurate data—for instance, payroll staff seeing questionable variable compensation numbers and asking the wrong managers for confirmation—who will they ask? Sending information to the incorrect people for verification significantly increases the risk of your sensitive HR details reaching unauthorized users.
3. Offline Employee Database in Excel
Your data is stored offline and your employees send reports back and forth through email. Without a central, cloud-based environment, you’re more susceptible to data breaches—especially if you have staff members who don’t always follow safe internet best practices.
And if you’re using Excel spreadsheets to hide and filter data manually, without the ability to track changes, you don’t know who’s viewing, editing or sharing this data. While there are offline options to secure Excel data, hackers can use Excel’s security features against it. This is where high-level encryption measures become necessary to thwart nefarious actors.
Employee Data Security
Vena’s Excel-based Complete Planning Platform has a role-based access control feature that lets you restrict or grant data permission to employees. The control system has an audit trail that drills down into the history of a spreadsheet—for every cell and data point—so you have complete visibility into, and control over, who has viewed what data and from where those numbers came (stamped with date, time and user). This adheres to information protection laws. The strict control system enforces the segregation of duties and follows the principle of least privilege, keeping unauthorized users from viewing, editing and sharing data.
The platform has a built-in version control system that ensures everyone is working off the same data in the Vena Cloud—a secure, enterprise-class environment that’s encrypted with Advanced Encryption Standard (AES) 256-bit encryption and private keys managed by the Amazon Web Services (AWS) Key Management System. As your employees run reports and confidential HR information moves along to every stakeholder, with Vena, you can feel confident your employee data is fully protected.
Celebrate Safer Internet Day by trying the Complete Planning Platform. You’ll discover how to better protect your two most important assets: your people and your data.