Payroll departments handle a lot of sensitive data on a daily basis, including addresses, wages, bank account details and social security numbers. Should this payroll data become compromised, the consequences can be absolutely devastating. Below are some steps to ensure it doesn’t happen.
Learn To Recognize Phishing Schemes
Phishing schemes typically involve emails that falsely claim to come from qualified individuals and request confidential information. Some of these emails look and sound genuine, and are designed to acquire data which can be used for identity theft. If you receive an email asking for sensitive information and you aren’t sure about it, always confirm that it is genuine, and do not transmit any confidential data to the sender.
Enhance the Security Of Your Computers
There are a number of steps payroll departments can take to protect the data of their employees, including the installation of firewalls to prevent unauthorized access, the creation of a proxy server to restrict intranet or internet accessibility, and the auditing of time and labor management network connections on a regular basis. Spam filters are also highly effective at getting rid of unwanted or unsolicited email.
Payroll department workers should never click on any suspicious link, and patches or updates should be installed regularly so that both operating systems and security software are always up to date. Data should also be backed up frequently, because systems are subject to crashes which can wipe out large amounts of valuable data. Policies should also be established regarding how and when data must be backed up, and who is authorized to do it. Passwords should be tough, long and distinct, and should be switched every three months. Never use passwords which are too similar on multiple platforms. Any data stored on mobile devices or computers should be well encrypted.
Ensure That Data Is Physically Protected
When most people think of data breaches, they think of digital network intrusions by hackers, but don’t forget about the common thief. Thieves can compromise data in a more traditional fashion, by physically seizing documents or storage devices such as USB drives, DVDs or tapes. These should be locked up in a secure area, where only an authorized few are allowed access. The only people who should be allowed in this area are bookkeepers or payroll processors, and even then they must have a good reason for being there, and their access should be documented and recorded.
Stay In Compliance With Data Breach Laws
A number of states throughout the U.S., such as Tennessee, Colorado and California, are implementing data security laws. These laws require employers to inform their employees when a data breach has occurred, and whether or not the confidential data had been encrypted. It is important for businesses to keep abreast of these laws, because if they fail to do so they could be held liable and subject to fines, litigation and other penalties.