How to protect your payroll data from cyber-crime

Cyber-criminals are attacking corporate networks with increased frequency. According to the 2017 Trustwave Global Security Report, the most commonly targeted victims are those with vulnerable software platforms. Most at risk are corporate and internal networks (43% of all attacks) and point-of-sale (POS) systems (31%)...
Insecure remote access software, unsuspecting employees and poor password policies are responsible for the majority of global security breaches that took place in 2016. It’s simply too easy for cyber-criminals to ‘break in’.

E-commerce providers, mostly due to pressure from banks, are working hard to tighten up their security measures. The results are encouraging; cyber-attacks targeting e-commerce platforms have dropped from 38% to 26%. However, as companies get smarter, so too do cyber-criminals. Upgraded firewalls and enforced security measures are all important, but determined hackers are devising new ways to gain access.

Manipulative methods like phishing and social engineering are now responsible for 19% of all corporate security breaches. The success of these attacks depends on one very valuable currency: personal information. Once a cyber-criminal has accessed an employee’s salary breakdown or banking details, for example, they can use that information to manipulate their way into the corporate network. As phishing and social engineering attacks become increasingly sophisticated, it’s absolutely crucial that companies protect their payroll data to the best of their abilities.
88 / Issue 12
Here are three ways for companies to safeguard their payroll data:

1) Employee training

All employees, regardless of their position in the company, need regular cyber-security training. In the rush of day-to-day business, it’s all too easy for a clever phishing attack to catch someone – be it the CEO or the new intern – off guard. Armed with company payroll information, a cyber-criminal could phone or email an unsuspecting employee with a seemingly legitimate request from the payroll team. All it takes is a couple of seconds for the employee to unwittingly open a link or insert their network password and the system is breached.

Unfortunately, ignorance is no defence in the event of a security breach – and the company in question will typically have to face expensive legal consequences. However, the greatest cost is undoubtedly the damage done to a company’s reputation. Public loss of customer or employee information has a far-reaching business impact. To safeguard business revenues and growth potential, staff must be trained to spot and report suspicious phone calls or emails.

2) Password protocol
@PaySpace
Warren van Wyk is one of the founding members and leaders of PaySpace. Warren has over 18 years of experience in the software development industry. After graduating from Van Zyl and Pritchard, he started his career at an international payroll vendor where he travelled internationally on many projects and gained huge insight and exposure to international payroll requirements. He later moved to a large software outsource services vendor where he was placed on a project to rewrite a large client’s entire software technology stack using Microsoft technologies. His vast end-to-end software project experience coupled with his technical payroll knowledge greatly assisted the PaySpace team in the architectural solution design, having a leading and managing hand in every intricate area. His role as a leader in PaySpace means that he performs a variety of tasks which significantly affect the growth and strategy of the company.
Passwords need to be tough, yet memorable. Not an easy combination to get right but crucial in the fight against cyber-crime. Most individuals have many different passwords to remember. As the list lengthens, it’s only natural to choose something simple like a birthday or home address. Unfortunately, a dictionary attack can crack a basic code (even if letters are replaced by numbers) in just a couple of seconds.

Part of employee cyber-security training needs to focus on password creation. A strong password is at least eight characters long and mixed up with upper and lowercase letters, symbols and numbers. Ideally, a password should be something that can’t be found in a dictionary. All corporate network passwords need to be run through a regular password check to make sure they’re as uncrackable as possible. As an extra precaution, when an employee leaves, passwords need to be changed.
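The password rules described above, sketched as an added example that is not part of the original article: it checks the eight-character minimum and the four character classes, and undoes common number-for-letter swaps before looking for dictionary words. The wordlist, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus company-specific terms.
WORDLIST = {"password", "welcome", "payroll", "summer", "letmein"}

# Common letter-for-number/symbol swaps that a dictionary attack undoes.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8  # the article's stated minimum


def dictionary_hits(password, wordlist=WORDLIST):
    """Return wordlist entries found in the password after undoing swaps."""
    normalized = password.lower().translate(LEET)
    # Drop leftover non-letters so padding digits or symbols do not hide a word.
    letters_only = re.sub(r"[^a-z]", "", normalized)
    return sorted(w for w in wordlist if w in letters_only)


def check_password(password, wordlist=WORDLIST):
    """Return a list of rule failures; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    hits = dictionary_hits(password, wordlist)
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ["P@ssw0rd1!", "summer2017", "vR7#kq!Tz2Lw"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

The first sample meets every length and character-class rule yet still fails, because it reduces to a dictionary word once the substitutions are reversed.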
XU Magazine - the independent magazine for Xero users, by Xero users. Find us online at: xumagazine.com