Your worst payroll nightmare has happened in real life.
Cyber-criminals hacked the payroll department of the city of Tallahassee, stealing half a million dollars in wages that belonged to the city’s municipal workers. It was the second breach of security for the city in the past month.
And it hasn’t stopped there. Payroll remains a major target for cyber-criminals.
During the recent run-up to Tax Day in America hackers used fake accounts that looked like emails from top payroll companies and accounting firms, taking advantage of the flurry of emails sent back and forth between accountants and their clients during tax season. The attacks were so fierce that a leading US HR management company with many legacy clients, was forced to issue a warning to its clients in March against fake emails that appeared to be coming from the company.
This recent emphasis on attacks on payroll underscores the need for security at the highest level. Only a system that complies with the highest standards available, maintains a strict privacy policy, and employs safe communications procedures can be trusted to keep the data safe.
How To Secure Your Payroll
Hackers won’t stop trying to steal payroll money. But a number of measures can make it harder for hackers to break through company defenses.
Highly sensitive data such as financial information and employee details should be protected by the highest measure of security available. That means working with companies that are certified in ISO/27001. If customer data is stored on the cloud, it should be in compliance with SOC 2.
Other safety measures add layers of protection to those systems. Replacing email communication with safe, internal communications systems can protect data from hackers. Email may be the worst possible system for communicating sensitive data. Most systems are easily duplicated by hackers well enough to fool users. Confidential data sent on secure, cloud-based systems are unseen by hackers and difficult to recreate.
Moving towards automating payroll removes the biggest risk factor of all – the human factor. Virtually all of the recent hacking attempts relied on fooling people to open or click through a virus-infected email. An automated system offers a measure of protection against that tactic because there are far fewer people involved.
Automation is also cloud-based, which adds two more elements of protection. First, the cloud keeps data separate from the work environment where it is being used, so even if a hacker succeeds in breaking through, he still remains far away from his goal. There is still a barrier to the cloud.
Second, cloud-based systems, like those hosted by leading providers such as Amazon Web Services (AWS) have their own state-of-the-art security measures. A hacker would have to get through two layers of extremely tight security to break through a cloud-based system. With such a challenge, it is simply easier for a hacker to find a more vulnerable target.
Hackers thrive in environments where the technology is old and, in many cases, vulnerable. When it comes to payroll, every effort must be made to ensure the highest level of security. That means taking advantage of the most modern, cutting edge, and innovative solutions.
In today’s high risk environment for payroll, safety means high level data security compliance, effective privacy policies, automation, and the cloud. Anything less is risky, and as the city of Tallahassee learned, it could be extremely expensive as well.
