HR department Security checklist for employee data protection


  • Policies and procedures that grant authorized, and limit unauthorized, physical access to electronic information systems and the facilities that house them
  • The methods used to control physical access to your secure areas, such as door locks, access control systems, security officers, or video monitoring
  • A single entry point with a reception or security desk, a sign-in/sign-out log, and temporary/visitor badges
  • PCs inaccessible to unauthorized users
  • Classify your data, identifying sensitive versus non-sensitive data
  • Responsibilities to protect sensitive data under your control
  • Is there a process for creating retrievable backup and archival copies of critical information?
  • Do you have an emergency/incident management communications plan?
  • Do you have a procedure for notifying authorities in the case of a disaster or security incident?
  • Does your procedure identify who should be contacted, including contact information?
  • Is the contact information sorted and identified by incident type?
  • Password cracking (access to password files; use of weak passwords that are blank, left at the default, or rarely changed)
  • External access to password files, and sniffing of the network
  • Unauthorized physical access to system
  • Check Vendor Security Measures
  • Restrict Access Based on Needs
  • Know what data you have and where it is located:
  • For your personal home accounts, understand where your information is stored
  • All confidential, proprietary, and sensitive information should be encrypted or otherwise secured.
  • Determine whether removable media is allowed. If not, disable ports and file sharing. If allowed, require that information stored on it be encrypted and secured
  • Never transfer sensitive company information to a mobile storage device
  • Back up all data
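The password-cracking item above names three conditions an auditor can check directly: blank passwords, vendor or default passwords, and passwords that have not been changed in a long time. The script below is an added example, not part of the checklist, showing how such an audit can be run against stored password hashes without ever handling plaintext. The account records, salts, the list of default passwords and the 90-day maximum age are all constructed or assumed values; a real deployment would read the records from the identity system and use random per-account salts.

```python
"""Audit stored account records for blank, default, and stale passwords.

Added example (not from the checklist). Hashes are PBKDF2-HMAC-SHA256 so that
the audit compares hashes of known-weak candidates against each account's
stored hash, the same way a defensive password audit works.
"""
from dataclasses import dataclass
from datetime import date
import hashlib
import hmac

# Assumed: a short list of well-known default passwords; extend it from the
# vendor documentation of the systems you actually run.
DEFAULT_PASSWORDS = ["admin", "password", "changeme", "Welcome1", "123456"]
MAX_PASSWORD_AGE_DAYS = 90      # assumed policy value
PBKDF2_ITERATIONS = 50_000      # kept low so the sample runs quickly


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    last_changed: date


def derive(password: str, salt: bytes) -> bytes:
    """Derive the stored hash for a password with the account's salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_account(username: str, password: str, salt: bytes, last_changed: date) -> Account:
    """Build a sample record; only used to construct test data here."""
    return Account(username, salt, derive(password, salt), last_changed)


def audit_account(acct: Account, today: date) -> list[str]:
    """Return the weak-password findings for one account (empty list if none)."""
    findings = []
    # Blank password: the stored hash matches the hash of the empty string.
    if hmac.compare_digest(acct.pw_hash, derive("", acct.salt)):
        findings.append("blank password")
    else:
        # Default password: the stored hash matches one of the known defaults.
        for candidate in DEFAULT_PASSWORDS:
            if hmac.compare_digest(acct.pw_hash, derive(candidate, acct.salt)):
                findings.append("default password")
                break
    # Rarely changed password: older than the policy maximum.
    age_days = (today - acct.last_changed).days
    if age_days > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password not changed for {age_days} days")
    return findings


def audit(accounts: list[Account], today: date) -> dict[str, list[str]]:
    """Map each account with at least one finding to its list of findings."""
    report = {}
    for acct in accounts:
        findings = audit_account(acct, today)
        if findings:
            report[acct.username] = findings
    return report


# Constructed sample data: fixed salts are for reproducibility only.
TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    make_account("hr-admin", "admin", b"salt-1", date(2024, 5, 20)),
    make_account("kiosk", "", b"salt-2", date(2023, 1, 15)),
    make_account("jdoe", "correct horse battery staple", b"salt-3", date(2024, 4, 1)),
    make_account("payroll", "Tr0ub4dor&3-unique", b"salt-4", date(2023, 9, 1)),
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_ACCOUNTS, TODAY).items():
        print(f"{user}: {', '.join(findings)}")
```

Because each comparison uses the account's own salt, the audit cost grows with the number of accounts times the number of candidates, which is why the candidate list is deliberately short; the point is to catch the defaults the checklist warns about, not to crack passwords.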
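The checklist asks whether backups are retrievable, and the only way to know is to verify them. The script below is an added example, not part of the checklist, that writes a SHA-256 manifest next to a backup copy and later checks the copy against that manifest so that a missing, altered or unexpected file is reported before a restore is needed. All paths and file contents are constructed inside a temporary directory so the example runs anywhere.

```python
"""Create a checksum manifest with a backup copy and verify the copy against it.

Added example (not from the checklist). The source tree, backup location and
file contents are constructed in a temporary directory.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def backup(source: Path, dest: Path) -> Path:
    """Copy the source tree to dest/data and record its manifest in dest/manifest.json."""
    shutil.copytree(source, dest / "data")
    manifest_path = dest / "manifest.json"
    manifest_path.write_text(json.dumps(build_manifest(source), indent=2))
    return manifest_path


def verify_backup(dest: Path) -> list[str]:
    """Compare the backup copy with its manifest; an empty list means it is intact."""
    expected = json.loads((dest / "manifest.json").read_text())
    actual = build_manifest(dest / "data")
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"corrupted: {rel}")
    for rel in actual:
        if rel not in expected:
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Back up a constructed HR tree, verify it, tamper with one file, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "hr-records"
        (src / "payroll").mkdir(parents=True)
        (src / "employees.csv").write_text("id,name\n1,Alice\n")
        (src / "payroll" / "2024-05.csv").write_text("id,amount\n1,4200\n")

        dest = Path(tmp) / "backup"
        dest.mkdir()
        backup(src, dest)
        clean_result = verify_backup(dest)

        # Simulate silent corruption of the backup copy.
        (dest / "data" / "employees.csv").write_text("id,name\n1,Mallory\n")
        tampered_result = verify_backup(dest)
        return clean_result, tampered_result


if __name__ == "__main__":
    clean, tampered = demo()
    print("fresh backup:", clean or "intact")
    print("after tampering:", tampered)
```

Storing the manifest with the backup is enough to detect accidental corruption; to detect deliberate tampering, keep a second copy of the manifest (or a signature over it) somewhere the backup media cannot reach.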
