
Federal Response to the OPM Data Breach

The following is a guest post from a very hard-working, dedicated, and friendly man in uniform whom I am honored to know and work with: Joe Schweickert. As a veteran myself, having served from 1985-1993, I find it deeply disturbing as an HR issue that military personnel records have been exposed.

By now, most of us have heard about the OPM (Office of Personnel Management) data breach, in which hackers (allegedly sponsored by China) gained access to personnel records of current and former federal employees. A recent interview with Jason Miller, Executive Editor at Federal News Radio, discussed the two different breaches, and the federal response to improve security for information systems. 

First, it is important to understand that there have been two separate breaches at OPM. The first, and more widely reported, involves personnel records on up to 14 million current and former federal employees, dating back to the 1980s. The second involved background investigations on employees, military members, and contractors who possess security clearances. These investigations (using the SF86 questionnaire, which can exceed 100 pages) include sensitive information such as criminal records, bankruptcies, and substance abuse history, as well as information on relatives. For a foreign intelligence operation, this presents an enormous opportunity to identify potential targets for blackmail.

The federal response, as outlined by Federal CIO Tony Scott of the Office of Management and Budget (OMB) involves four steps:

  1. Fix all critical vulnerabilities within 30 days – part of the federal ‘Cybersecurity Sprint’.
  2. Tighten policies on ‘privileged users’ – requiring administrators to use 2-factor authentication for access to systems, making it harder to steal passwords.
  3. Accelerate use of ‘smart cards’ for system access for all users – Government-wide use is only about 42%, but agencies (such as Defense) that have adopted smart cards have seen a significant decrease in hacks. (See the example smart card below: access to the computer requires both inserting the physical card and entering a PIN.)
  4. Deploy ‘indicators’ to scan systems/logs and detect breaches.

(Image: Federal ID smart card)
Additionally, OPM has initiated a massive notification campaign to explain the breach to all affected employees, and has contracted for credit monitoring services for 18 months. Part of the interview focused on concerns about the bidding process for that contract, but that is of more interest to acquisition experts than HR professionals.

While this breach is unprecedented in scope, it highlights a vulnerability common to all HR functions, whether you manage payroll for a local diner or have millions of employees. From the first day the employee turns in an application or fills out their W-4, they are entrusting us with their personal information. This information is critical to ensuring we provide them the pay and benefits they earn, but it is also a potential target for identity theft, harassment, or exploitation. 

As HR professionals, we must ensure personal data is protected. For the federal government, this is mandated by the Privacy Act of 1974, but private sector employers are also bound by laws such as the Health Insurance Portability and Accountability Act (HIPAA). Protection includes strong technical safeguards, such as Smart Cards or complex passwords and robust firewalls. But it also includes physical security measures – keeping paperwork locked when not in use, and ensuring portable devices are secured. 

We have had incidents in our organization of individuals emailing personal information, covered by the Privacy Act, to a home email to ‘work from home’, which exposes it to hacking. We have also had information exposed when an employee left their laptop in their car and it was stolen. In both cases, we had to take steps to mitigate the damage, by identifying whose information was vulnerable and notifying the employees. This affects employee morale and trust in the organization. 

Remember, taking care of people includes taking care of their information – information security is our responsibility.
