When employers hire non-US citizens, they may need to manage private information, such as passports, birth certificates, and a government-issued ID – which, if stolen, could jeopardize the potential employee’s livelihood. This is why the requesting party (usually the employer) must inquire about how to prevent financial damage. Below, we’ll discuss one of the most common weak points and how to strengthen security.
Identify the weak point
Email is perhaps the most vulnerable point of attack (from a hacker’s perspective). In 2019, according to a Javelin Research Study, the United States lost $16.9 billion to fraud. Since employee contact information is typically in the public domain, hackers can use sophisticated design to create authentic-looking emails seemingly from inside the company. In some cases, hackers have been known to gain access to genuine email accounts within the company in order to request account information for seemingly legitimate purposes. Sometimes hackers pose as senior members, thereby establishing a relationship with the recipient over an extended period of time. This method, known as Business Email Compromise, or BEC phishing, has led to a loss of 15 million dollars for 150 companies using Microsoft 365.
Develop a game plan
To effectively manage sensitive email communications, it’s a good idea to create a business guide for immigration-related hiring. This may require an in-depth analysis of the different types of work visas to determine all key requirements and control points. With an action plan for each visa type, the recruiting team can move forward knowing what to expect and when to expect it. This, in turn, will highlight any strange or suspicious electronic correspondence originating from inside the company.
Be consistent and communicate expectations
Employers can foster a culture of accountability by being upfront about their expectations regarding the hiring process. From the start, they can communicate any consequences resulting from missing deadlines or incorrect documentation. Ultimately, it’s about getting people on the same page from the start. This point, although simple, can go a long way in preventing unnecessary leaks of private information.
Share responsibility
In some cases, a single person is solely responsible for monitoring and managing immigration-related correspondence. Having only one person on file can increase the risk of a leak. Alternatively, businesses may choose to create a shared email account devoted entirely to immigration (for example: work.visa@company-name.com). With a shared account, more people will be able to spot potentially fraudulent emails.
Avoid cloud systems for personal use
Web apps like DropBox, GoogleDrive, and Teams are all great tools for general-purpose file sharing. If someone wants to share a video from a recent trip, these apps could be the perfect solution. But when it comes to sharing sensitive information, these tools may be more susceptible to cyberattacks than those tailored to a company’s specific needs. For this reason, employers may want to consider investing in immigration-specific storage systems, which employ sufficient security measures.