How to protect your payroll data from cyber-crime
Cyber-criminals are attacking corporate networks with increased frequency. According to the 2017 Trustwave Global Security Report, the most commonly targeted victims are those with vulnerable software platforms. Most at risk are corporate and internal networks (43% of all attacks) and point-of-sale (POS) systems (31%)...
Insecure remote access software, unsuspecting employees and poor password policies were responsible for the majority of global security breaches that took place in 2016. It’s simply too easy for cyber-criminals to ‘break in’. E-commerce providers, mostly due to pressure from banks, are working hard to tighten up their security measures. The results are encouraging; cyber-attacks targeting e-commerce platforms have dropped from 38% to 26%.
However, as companies get smarter, so too do cyber-criminals. Upgraded firewalls and enforced security measures are all important, but determined hackers are devising new ways to gain access. Manipulative methods like phishing and social engineering are now responsible for 19% of all corporate security breaches. The success of these attacks depends on one very valuable currency: personal information.
Once a cyber-criminal has accessed an employee’s salary breakdown or banking details, for example, they can use that information to manipulate their way into the corporate network. As phishing and social engineering attacks become increasingly sophisticated, it’s absolutely crucial that companies protect their payroll data to the best of their abilities. Here are three ways for companies to safeguard their payroll data:
1) Employee training
All employees, regardless of their position in the company, need regular cyber-security training. In the rush of day-to-day business, it’s all too easy for a clever phishing attack to catch someone – be it the CEO or the new intern – off guard. Armed with company payroll information, a cyber-criminal could phone or email an unsuspecting employee with a seemingly legitimate request from the payroll team. All it takes is a couple of seconds for the employee to unwittingly open a link or insert their network password and the system is breached.
Unfortunately, ignorance is no defence in the event of a security breach – and the company in question will typically have to face expensive legal consequences. However, the greatest cost is undoubtedly the damage done to a company’s reputation. Public loss of customer or employee information has a far-reaching business impact. To safeguard business revenues and growth potential, staff must be trained to spot and report suspicious phone calls or emails.
@PaySpace
Warren van Wyk is one of the founding members and leaders of PaySpace. Warren has over 18 years of experience in the software development industry. After graduating from Van Zyl and Pritchard, he started his career at an international payroll vendor where he travelled internationally on many projects and gained huge insight and exposure to international payroll requirements. He later moved to a large software outsource services vendor where he was placed on a project to rewrite a large client’s entire software technology stack using Microsoft technologies. His vast end-to-end software project experience coupled with his technical payroll knowledge greatly assisted the PaySpace team in the architectural solution design, having a leading and managing hand in every intricate area. His role as a leader in PaySpace means that he performs a variety of tasks which significantly affect the growth and strategy of the company.
2) Password protocol
Passwords need to be tough, yet memorable. Not an easy combination to get right but crucial in the fight against cyber-crime. Most individuals have many different passwords to remember. As the list lengthens, it’s only natural to choose something simple like a birthday or home address. Unfortunately, a dictionary attack can crack a basic code (even if letters are replaced by numbers) in just a couple of seconds.
Part of employee cyber-security training needs to focus on password creation. A strong password is at least eight characters long and mixes upper- and lowercase letters, symbols and numbers. Ideally, a password should be something that can’t be found in a dictionary. All corporate network passwords need to be run through a regular password check to make sure they’re as uncrackable as possible. As an extra precaution, when an employee leaves, passwords need to be changed.
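An added example (not part of the original article) of the password check described above: it applies the eight-character and mixed-character rules, then undoes common letter-for-number swaps before looking the result up in a wordlist. The wordlist, substitution table and function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real check would load a large dictionary file.
WORDLIST = {"password", "welcome", "payroll", "letmein", "johannesburg"}

# Letter-for-number/symbol swaps that dictionary attacks routinely try (assumed table).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})
PADDING = string.digits + string.punctuation


def dictionary_candidates(password):
    """Return the plain words this password reduces to once swaps are undone."""
    lowered = password.lower()
    return {
        lowered.translate(SWAPS),                 # e.g. w3lc0m3 -> welcome
        lowered.strip(PADDING).translate(SWAPS),  # e.g. P@ssw0rd1! -> password
    }


def check_password(password, wordlist=WORDLIST):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    if dictionary_candidates(password) & set(wordlist):
        problems.append("dictionary word with substitutions")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["payroll", "P@ssw0rd1!", "vR7#kq2!Lm"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

The second sample meets every length and character-mix rule and still fails, which is why the dictionary lookup has to run on the normalised form rather than on the password as typed.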
3) Payroll technology
To protect its payroll data, a company needs to ensure that its payroll technology includes top-of-the-range information security software. An outsourced payroll service provider with an ISO 27001 certification will be able to encrypt stored data and enforce security measures far superior to most in-house capabilities.
Whatever payroll solution a company chooses, it needs to ensure that all the technologies it shares information with are also secure. PaySpace, for example, integrates with Xero. This link is kept secure due to their two-factor authentication and device recognition programme.
If you have Xero two-step authentication enabled, you will be required to enter a six-digit code provided by a separate app on your smartphone, in addition to your Xero username and password, when logging in. This means a hacker that just has your password won’t be able to access your data. The two-factor authentication feature also comes with trusted device recognition – if you select ‘Remember me for 30 days’ you won’t have to perform the second authentication step on that device for 30 days.
There is no avoiding cyber-crime. Instead, businesses need to take proactive action to keep their systems and people safe from attack. A company’s first line of defence is protecting its payroll data. Secure processes that are reviewed regularly will help keep a business secure and off the cyber