Protecting Payroll Data from Cyber Threats
May 1, 2019
In the eyes of a hacker, intercepting payroll data like employees’ bank account numbers, social security numbers, home addresses and wages would be like hitting the jackpot. A breach of this nature can cause irreparable damage to your employees’ trust and confidence, not to mention costly reputational and financial damage. These consequences don’t allow for error. Controls must be put in place to ensure employees’ personal information and payroll data always remain confidential and secure from cyberattacks.
Ways to Help
Most companies these days rely on a third-party provider to process their payroll. But that doesn’t relieve an employer of its responsibility to take strong measures to secure any computerized payroll information lingering on its employees’ desktops, email servers and company networks, or even its third-party provider’s payroll system, for that matter.
While you cannot stop criminals from attempting to steal this data, you can take steps to prevent their efforts from being successful. Check out these best practices for protecting payroll data from ending up in the hands of lurking cyber predators.
Polish payroll security procedures. Review your payroll procedures on an annual basis to ensure an appropriate level of security is in place. Train each employee handling payroll data to follow the outlined procedures. Make sure these take into consideration evolving cybersecurity concerns.
Plan regular software or system updates. Applying updates as they become available helps improve security by closing gaps in your system that may leave your information vulnerable. Communicate with your IT department to ensure each employee is aware of updates and knows how to install them.
Build a resistant firewall. Be sure your IT department has installed a good firewall to block unauthorized access. Establish a proxy server to control and limit Internet access, and audit the network connections frequently.
Update login credentials. Hackers will exploit weak passwords to infiltrate systems with minimal effort. Select unique, long passwords containing a blend of numbers, symbols, and upper and lowercase letters. Update all passwords on a regular basis. It may be helpful to set automated reminders when it’s time for a change. Also, be sure to block access to this data and any payroll systems when an employee responsible for handling payroll leaves the company.
Be wary of phishing emails. Many phishing emails ask for payroll information like a W-2 form or social security number. Appearing to be genuine, these emails may display the CEO’s name and ask for payroll information for an employee. As a rule of thumb, do not give out any payroll information or sensitive employee data via email without first verbally verifying the request directly with the sender. Ask your IT department or an outside expert to train staff to spot the signs of a scam with strategies like checking the email reply address.
Avoid unsecured networks. If you are working on submitting payroll from your mobile device or home computer, you will want to make sure you are working on a secured Wi-Fi network. Make sure these devices have all their updates installed as well. Cyber criminals prey on those using unsecured networks.
Work with a secure third-party payroll provider. It’s crucial you select a trustworthy service provider, like DM Payroll Services, that employs proper security measures to keep your employees’ data protected. Perform some due diligence on your current provider, such as:
• Reviewing their annual SOC report evaluating the organization’s security, availability, processing integrity, confidentiality and privacy controls.
• Reviewing their security policies and procedures, as well as their incident response plan for dealing with a cyber-crisis threatening your payroll data.
• Ensuring they have strong security controls in place for transferring your company’s payroll information into their systems.
• Understanding their process for alerting you to potential threats and strange activity.
Get a cyber checkup. Even though precautionary steps are likely being taken to protect your organization’s payroll and other sensitive data, the evolving cyber landscape can still leave unknown vulnerabilities lurking in the background. Wondering just how protected your data really is? Consider having an independent third party assess your information systems environment and its integrity. DM Payroll Services recommends working with its affiliate firm Doeren Mayhew. Armed with a team of security experts, they offer a suite of CYBERCLAW™ security solutions designed to fit every budget and set of needs.
Is your payroll data as safe as it could be? If you are not leveraging DM Payroll Services as your payroll provider, it likely isn’t. Contact us today to find out what we do to keep our clients’ data secure and confidential.