Hello! Need some advice!
I am in the process of getting a new job. All the HR paperwork is done, but the new company has asked that I do not give my two week notice to my current employer until they’ve successfully moved over my security clearance.
I don’t have an issue with this, but now the new company’s security administrator is asking me to provide information over e-mail that makes me a little nervous. At first, she asked for my SSN. I know the new company has my SSN, it was on new hire paperwork that I had to upload to a secure portal. I’ve never met this security adminstratior, never spoken to them on the phone, so to just to e-mail me out of the blue and ask for my SSN had all sorts of alarm bells go off. I communicated this and she was able to verify whatever she was trying to do some other way (or maybe she went to HR and got my SSN). I am not sure, but she never asked me again.
Today, she asked me to refill out my SF86 and resign a few pages. And send it over via e-mail… Am I just being paranoid?
Maybe pertinent background information: I have two clearances through two different agencies. I have a TS with the DoD and an TS/SCI through someone else. The new company needs to move that SCI to my DoD clearance. I originally filled out e-qip and new company’s security person has stated their customer (the DoD?) won’t accept that. No issue filling out an SF86. I just don’t love sending all this extremally personal information over my extremally unprotected email.
That seems like a valid concern to me. I am an investigator and I am not allowed to send or receive any personal information through email. I can only use email to establish contact and provide my phone number to ask for a call back. My email is not encrypted. They should send you a link to access your SF86 and if they need additional information they should provide a more secure way to send it like DoD Safe or a fax landline perhaps.
I think I’ve spent the last hour trying to research different ways I can encrypt this form before e-mailing it over. The best I could come up with with zipping it and encrypting it with 7z and then sending the password in a separate e-mail. Which I still don’t love… so I think I might start with pushing back and requesting some other avenue to give them the SF86.
This company is a couple of billion dollar corporation that does contracts with the government all the time. They have to have a better system then this.
Can you provide which company? The equip alone would have all of this information which they have access to so there would be no need to ask for any personally identifying information to be sent via email, especially unencrypted email. They also have this information via your onboarding paperwork through HR.
Well encrypting the document and trying to send it via email didnt work because the company doesnt accept encrypted attachments from outside e-mails sources or zipped attachments.
I keep being told their is no secure upload portal from the goverment. Ive even asked if we could use the company’s HR secure portal and she pulls them from there and I was told.
It seems my only option now is to print them and bring them directly to the office of the new company. This all seems insane to me, but I guess thats a solution.