What To Learn From Facebook’s Payroll Data Theft
It happened to 40 million Target shoppers at the height of 2013 holiday shopping season. It also happened to 100 million Capital One customers and most recently to 29,000 employees at Facebook. What are we talking about? It’s stolen data.
In the case of Facebook, It’s being reported that unencrypted hard drives containing 2018 Facebook payroll data was stolen from a car belonging to a member of Facebook’s payroll department on Nov. 17 of this year. It took until Nov. 29 for someone to realize that employee payroll data was on the drives and then another two weeks for the company to start notifying those affected! OUCH!
This proves that a data can be lost or hacked at any time — from outside your organization or from within it. Let’s not forget that it can stem from good ol’ fashioned, human error too. When it comes to payroll processing, confidentiality needs to be an absolute priority. Bank account numbers, home addresses, social security numbers, salaries and other personal data are necessary to process payroll and tax forms, and they cannot — under any circumstances — be compromised. So, the question is – “how protected is your business?’
At Fingercheck, we take security of our clients seriously and go to extremes to ensure sensitive data is secure – at all times. We strengthen our defense strategy constantly and that means upholding technology protocols and security measures as well as administering proper staff training in our payroll and customer support departments.
So, we’ve put together 6 tips to help you ensure your payroll data is safe –
- REFINE PAYROLL SECURITY PROCEDURES
If some crazy reason you’re not using Fingercheck for payroll, it’s important to ensure your procedures include training employees who handle payroll on proper use of your payroll system on a consistent basis. Executing regular audits of payroll procedures and data security will help employees not get into bad habits that inadvertently misuse the system and expose potential security threats.
- APPLY TIMELY PAYROLL SYSTEM UPDATES
Speaking of payroll system updates, they should be applied to the payroll software in a timely fashion. Running an older version of the software may leave gaps in data storage and retrieval leaving you susceptible for a breach – and that’s not good. This ensures that everyone is on the same page and utilizing the system in its most current state. Payroll technology vendors typically apply updates to the system automatically, which provides peace of mind.
- EMAIL AND MOBILE SECURITY
Your organization likely has a security policy to monitor and track threats via anti-virus and anti-malware software. Ensure that payroll system security is part of that policy and that all employees working on payroll follow company protocol.
Confirm that email policies are strictly enforced and followed within the payroll department to minimize the risk of employees forwarding or receiving attachments, often times they may do so and not realize they’ve included sensitive or confidential information.
If payroll employees are emailing correspondences on their smart phones it’s vital that messages are encrypted. Are attachments encrypted? This is particularly important in our mobile world. Have a clear policy set for mobile access. If utilizing mobile, the security measures in place on their desktops must transfer to their mobile devices.
Make sure employees understand signs an email may be part of a phishing scam and that they follow procedures to report the email and delete it. If your firm needs to send an email asking for confidential information, be certain employees are contacted directly to ensure proper identification.
- UPDATE LOGIN CREDENTIALS
Payroll system users should update their passwords on a regular basis. This policy should be clearly stated and understood as well as backed up with automated reminders. The FTC provides tips for businesses to apply security measures to prevent fraud.
- APPLY SEPARATION OF DUTIES
One of the oldest accounting safeguards that translate to payroll system security is applying separation of duties. Having the same employee create new hire records, collect timesheets, enter data and create paychecks increases the chance for an error that creates a data breach. Create clear and separate tasks for payroll duties that includes 2-3 different users as part of the payment process. It’s also a good idea to regularly schedule audits as well.
- AVOID PAYCHECK FRAUD WHEN PRINTING CHECKS
No that’s not a typo. Some companies are still doing it “old school” and printing checks. If you’re one of them, you can avoid check fraud by using high-security check printing procedures. If you are outsourcing your payroll, ensure your vendor has these safeguards in place. Most providers go above and beyond in this area. Print only the minimum data necessary for a check to be cashed. Providing online self-service capabilities wherever possible for employees to retrieve their data rather than having it printed eliminates the risk of having checks lost or stolen. Ensure pro-active fraud measures are in place at your bank and that blank checks are fully secured.
Ultimately, your organization should build firewall technology with extra emphasis on employee-sensitive information. Ensure your payroll vendor has strong security measures in place that meet or exceed your organization’s security policies.
Taking a full assessment of the data that is in your care — and the entry and exit points of this data — will help you to understand the full scope of what you are protecting. By strategically securing each component of your payroll department and working closely with your technology associates and payroll vendor, you will be steps ahead of any security threats that might come your way.