FAQs: Online Self-Service System Security
What safeguards are in place to protect employers and
their workers from identity theft and internet scams?
The Minnesota Unemployment Insurance Self-Service System is designed never to ask employers
or applicants for critical information by e-mail or by any means other than
signing in securely to the system. The system will employ current industry
practices for safeguarding data and will be updated as those practices
evolve. The current industry practices being deployed are as follows:
- Require that data be submitted only inside the secure Web site,
- Routinely remind employers and applicants, in e-mail or other correspondence,
that our practice is to never ask for critical information to be submitted
by e-mail, and
- Limit e-mail communication to general non-sensitive communications,
or reminders/notices to log in and view a notice or complete a business
process.
Are agents and accountants able to use the Self-Service System on
behalf of their clients?
Yes. Agents must register online. Employers then link an agent to
their account and control the agent's level of access.
The MN UI Self-Service System provides secure access for employer and
agent wage and payment submissions. The following information outlines the
basic security design and responds to specific agent concerns:
Define the use of SSL to perform encryption with FTPS in the MN
UI Self-Service System.
Data encryption is fully supported on all connection types (PASV and PORT).
We encrypt both FTP channels, control (or command) and data, using SSL. The control
channel is responsible for sending the user/pass and all of the commands. The
data channel is responsible for the uploaded/downloaded data and directory listings.
As mentioned above, we are using 128-bit SSL to secure users connecting to us via FTP.
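For agents validating their own FTP client setup, the following added example (not part of the MN UI system or of this FAQ's original text) checks a client command log for the ordering this answer implies: the control channel must be encrypted before the user/pass is sent, and the data channel must be protected before any upload, download or directory listing. It assumes explicit FTPS as defined in RFC 4217 (AUTH TLS, PBSZ, PROT P), which this FAQ does not specify, and a hypothetical log format of one accepted client command per line; the function name and the sample logs are constructed for illustration.

```python
# Added example (not the system's code): audit a client-side FTP command log
# for explicit-FTPS ordering as defined in RFC 4217.
# Assumptions: one client command per line, in the order sent, and every
# logged command was accepted by the server.

CREDENTIAL_CMDS = {"USER", "PASS", "ACCT"}
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "STOU", "APPE"}


def audit_ftps_session(lines):
    """Return (line_no, command, problem) tuples for unprotected steps."""
    control_tls = False  # True once AUTH TLS/SSL has upgraded the control channel
    pbsz_seen = False    # PBSZ must precede PROT
    data_level = "C"     # RFC 4217 default data protection level is Clear
    findings = []
    for no, raw in enumerate(lines, 1):
        parts = raw.split(None, 1)
        if not parts:
            continue
        cmd = parts[0].upper()
        arg = parts[1].strip().upper() if len(parts) > 1 else ""
        if cmd == "AUTH" and arg in ("TLS", "SSL"):
            control_tls = True
        elif cmd == "CCC":  # Clear Command Channel drops control encryption
            control_tls = False
        elif cmd == "PBSZ":
            pbsz_seen = control_tls
        elif cmd == "PROT":
            if not pbsz_seen:
                findings.append((no, cmd, "PROT sent before PBSZ"))
            else:
                data_level = arg
        elif cmd in CREDENTIAL_CMDS and not control_tls:
            findings.append((no, cmd, "credentials on cleartext control channel"))
        elif cmd in DATA_CMDS and data_level != "P":
            findings.append((no, cmd, "data channel not protected (PROT P missing)"))
    return findings


# Constructed sample logs (placeholder user and file names).
GOOD = ["AUTH TLS", "USER agent01", "PASS ********", "PBSZ 0", "PROT P",
        "PASV", "STOR wages_q1.txt", "QUIT"]
BAD = ["USER agent01", "PASS ********", "AUTH TLS", "PBSZ 0",
       "PORT 192,0,2,10,195,80", "LIST", "PROT P", "PASV", "RETR notice.pdf"]

if __name__ == "__main__":
    for name, log in (("GOOD", GOOD), ("BAD", BAD)):
        for finding in audit_ftps_session(log):
            print(name, finding)
```

PASV and PORT only select how the data connection is opened, so the check treats them the same; what matters is that PROT P precedes the transfer command.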
Define how using SSH2 leverages Secure Shell for authenticated, encrypted
file transfer in the new MN UI System.
The software does not use SSH2 for authentication and encryption.
Define the use of VPN to secure FTPS file transfers in the MN
UI Self-Service System.
VPN is not used for connection to the secure FTP.
What VPN software and/or VPN appliance will be used at each end point
in the MN UI Self-Service System?
No VPN software will be used.
Define any digital certificates (i.e., x509) involved for implementing
a VPN or secure FTPS in the MN UI Self-Service System (key exchanges must
be made, and private keys need to be secured).
A certificate from a certificate authority will be used. It will be
in DER format.
Define the Active/Passive considerations.
The Active/Passive consideration relates to the clustering
architecture: the FTP servers use a common shared disk
for file storage, with the services on one server active and those on the other
passive. This is for redundancy, so only the active server services
FTP requests and the passive server remains inactive until the active server
is not available.