Judging by the content and popularity of The Source Online, MCI employees seem sure in the belief that their transactions are secure. MCI offers more than 1,400 pages of interactive HR content, including the ability to exercise stock options, manage a 401(k) account, fill out an electronic W-4 form, and view an electronic pay stub up to seven days before payday. Employees can also up-date their own records and enroll in direct deposit electronically.
All of this is possible using a personal identification number (PIN)-the same one employees have relied on for years to access an interactive voice-response (IVR) system-that provides the appropriate level of access to data. "A single user sign-on that works across multiple platforms provides the power, flexibility and protection to create an effective, secure system," says Cimmino. Func-tioning across differing operating systems and Web browsers, the PIN-based system also lets MCI add digital certificates and more advanced features as they are needed.
However, MCI doesn't rely only on strict log-on controls. Employees automatically receive secure Web pages after they've logged onto the system. Once they click past a page on their browser, it immediately expires. That makes it impossible for an intruder to view the data by clicking the "back" button on the browser and accessing cache files. If an employee steps away from a PC while viewing secure documents, the system automatically logs the individual out after five minutes of inactivity.
Finally, the company tries to install a sense of personal responsibility in using the system. "Even the best technology and systems are vulnerable to human lapses," says Cimmino. "Employees have to take personal responsibility. They have to understand procedures and policies and follow them."
Workforce, September 1998, Vol. 77, No. 9, p. 81.