As employers go about hiring non-U.S. citizens, they may need to handle private information — like passports, birth certificates, and government-issued identification — which, if stolen, could compromise the prospective employee’s livelihood. For this reason, the petitioning party (usually the employer) should educate themselves about how to prevent financial damage. Below, we’ll discuss one of the more common weak spots and how to bolster security.
Identifying the Weak Spot
Perhaps the most vulnerable point of attack (from a hackers standpoint) is email. In 2019, according to a Javelin Research study, the U.S. lost $16.9 billion thanks to fraud. Because employee contact information is usually in the public domain, hackers can use sophisticated design to create authentic-looking emails coming, seemingly, from within the company. In some cases, hackers have been known to gain access to actual email accounts within the company in order to request account information for apparently legitimate purposes. Sometimes hackers will impersonate senior members, building a relationship with the recipient over an extended period of time. This method, known as Business Email Compromise, or BEC phishing, has led to a $15 million loss for 150 companies using Microsoft 365.
Developing a Game Plan
To effectively manage sensitive communication via email, it’s a good idea to create a corporate guide for immigration-related hiring. This may require an in-depth analysis of the various work visa types to determine all the major requirements and checkpoints. With a game plan for each visa-type, the hiring team can move forward knowing what to expect and when to expect it. This, in turn, will set in relief any odd or suspicious email correspondence coming from within the company.
Being Consistent and Communicative About Expectations
Employers can foster a culture of accountability by being up front about expectations regarding the hiring process. From the very beginning, they can communicate all the consequences arising from missed deadlines or incorrect documentation. In the end, it’s about getting people on the same page from the get-go. This point, while simple, can go a long way toward preventing unnecessary leaks of private information.
Sharing Responsibility
In some cases, there is one person who is solely responsible for tracking and managing the immigration-related correspondence. Having only one person on the case can increase chances of a leak. Alternatively, businesses can opt to create one shared email account devoted entirely to immigration (for example: [email protected]). With a shared account, a larger number of people will be able to spot potentially fraudulent emails.
Avoiding Personal-Use Cloud-Based Systems
Web applications like DropBox, GoogleDrive, and Teams are all great tools for general-purpose file sharing. If someone wants to share a video from a recent trip, these apps might be the perfect fit. But when it comes to sharing sensitive information, these tools can be more susceptible to cyberattacks than those tailored to a company’s specific needs. For this reason, employers may want to consider investing in immigration-specific storage systems — ones which employ sufficient security measures.