Cyber-security is near the top of all CIOs’ priority list today, and for good reason. Successful attacks, particularly ones that expose personal data, can have severe consequences for businesses, including massive regulatory fines, and incalculable loss of reputation.
Even worse, a recent article by BroadbandSearch revealed several alarming cyber-crime statistics for 2019, including that there have been over 1000 data breaches, exposing 147 million records in the first nine months of last year alone. Moreover, another study claimed an attack – such as malware, phishing, ransomware, or spam – happens every 39 seconds.
Scary stuff by any standards. The article also claimed the number of data breaches is growing every year, and shows no signs of slowing down, in fact, quite the opposite. As more and more IoT devices connect to the Internet and to each other, the problem is skyrocketing. The more devices, the more data, and the more crooks will try to get their hands on it. Unfortunately, where there’s a will, there’s a way.
The common wisdom today is that there are two kinds of companies. The ones who have been breached, and the ones who have been breached and don’t know it yet. Security is a catch-up game, with vendors always on the back foot when it comes to keeping up with adversaries who are more determined and sophisticated than ever.
Add to that, that despite having the best security measures in place, the biggest danger is often just down the hall, putting the business at risk through poor security hygiene or carelessness. At the same time, too many companies lack strict security policies and don’t enforce strong passwords or use encryption.
Personal data is the ‘crown jewel’ for attackers, as it can be used to conduct cunning social engineering attacks to fool employees into opening an email or clicking a link that appears legit, but isn’t, and instead helps criminals gain access to the company network, to snoop around, and steal confidential or proprietary data.
This is why security payroll data has become critical, so here are a few tips to help your business and staff protect this valuable asset.
Be vigilant
Gone are the days when a cleverly forged signature could help a criminal gain access to a bank vault. Unfortunately, as security has upped its game, so have criminals. Physical assets are no longer in their crosshairs, they are after personal information such as login credentials and banking details. Once they have this information, posing as a legitimate member of the payroll department is easy, and they can fool unsuspecting employees into clicking on a link that grants the attacker access to the company’s servers.
Cybercrooks today are cunning and well-funded. Their phishing emails seem so professional and legitimate, they are indistinguishable from the original. Over the phone too, you could never tell them apart from a genuine call centre employee. To keep your payroll data secure and out of the wrong hands, your employees have to be suspicious and take nothing at face value. This is why training is key to hardening a company’s security posture.
Raise awareness
Like it or not, your staff are your greatest weakness. Train them well, because if they don’t know what to look out for, it will be easier to trick them. Social engineering relies heavily on employee ignorance and naivety, so ongoing training is key to helping them pinpoint anomalous activity. From intern to CEO, every staff member needs to understand the importance of keeping the company network safe – and play their part in helping it remain so.
Another way employees and companies also endanger themselves, is by using weak passwords, the former because they are easier to remember, and the latter because they don’t enforce stronger ones. A brute force attack will crack a simple password in a matter of minutes, so enforcing the use of extremely strong passwords and changing them regularly isn’t optional.
Another simple, yet crucial tip, is investing in the best payroll technology available. Outsourcing your payroll can protect your business and employees from breaches. But remember, not all payroll solutions are created equal, make sure you choose a provider with the best security measures in place. PaySpace has invested in its security intelligence and has an ISO 27001 certification in Information Security Management.
For more cyber-security tips, contact PaySpace and find out how our technology can help secure your payroll data.