In today’s sophisticated world, cybersecurity is an ever-growing concern. There isn’t a day that goes by that you don’t hear about cybersecurity breaches in the media. For example, in recent days, a private security company notified the U.S. Cybersecurity and Infrastructure Security Agency about a “major computer intrusion,” whereby federal, state, and local government computers, and thousands of private companies and organizations were hacked. And, what’s worse, this has been ongoing since March 2020 and continues to pose great risk.
So, what is cybersecurity? It protects computer systems and networks from theft or damage to hardware, software, or electronic data, as well as disruption or misdirection of the services they provide to businesses. An online breach can cripple a business and be very costly.
These security problems are compounded because they affect each business differently, yet they touch every segment of a business and the risk factors associated with them. Protecting the privacy of the data each business is entrusted with is a universal goal and includes knowing:
- The types of data your business has. Do they include credit card information, health information, criminal history, or biometrics?
- Which departments have access to your data?
- Who are your data service providers and what are their credentials?
- Which personnel have access to your data?
- What steps has your company taken to protect your data? Encryption? Back-up? Internal controls?
Protecting Your Data
Currently, there are no federal laws in place to protect your data; however, at least 31 states have established laws regulating the secure destruction or disposal of personal information. Of those, 12 states (Arkansas, California, Connecticut, Florida, Indiana, Maryland, Massachusetts, Nevada, Oregon, Rhode Island, Texas, and Utah) have imposed broader data security requirements, while others are considering legislation, including New York.
California, the home of Silicon Valley and many global technology companies, is a pioneer on the data privacy front. Plus, the California Consumer Privacy Act of 2018, which went into effect January 1, 2020, mirrors the General Data Protection Regulation (GDPR) instituted by the UK, commonly known as the Data Protection Act 2018. It’s the UK’s implementation of the General Data Protection Regulation (GDPR), meaning that everyone responsible for using personal data has to follow strict rules called “data protection principles.” They must make sure the information is used fairly, lawfully, and transparently.
Any company doing business in a nation that has adopted the GDPR must comply with its consumer protections regarding data privacy. The GDPR spans many types of data, such as:
- Personally identifiable data (e.g., names, addresses, birth dates, Social Security numbers)
- Web-based data (e.g., user location, IP address, cookies, and RFID tags)
- Health (HIPAA) and genetic data
- Biometric data
- Racial or ethnic data
This means that U.S. businesses that operate in multiple jurisdictions must consider these and other categories pertinent to their industry as they segment the data they’re holding, because understanding the data is essential to instituting the right level of privacy safeguards.
How to Safeguard Your Data
Cyber-attacks on payroll, especially for small businesses, can cause far-reaching and long-lasting damage, because they involve personal information and sensitive data. Your business risks losing employee trust, damaging your brand image, and facing possible penalties and legal action.
Your payroll department needs to securely store sensitive information on your employees, including bank account details, home addresses, health care information, Social Security numbers, and wage information. Employees who have their data compromised face ongoing attacks by cybercriminals, including re-routing their wages and even identity theft.
Okay, now that we’ve got your attention, here’s what you can do to protect your data.
- Understanding your data is the first step to securing it.
- Be knowledgeable of the relevant laws and regulations your business must comply with.
- Stay alert for any indications of a breach. Unfortunately, many data breaches can go on for quite some time (as mentioned above) before being detected. The time lapse between when the data is hacked and when the breach is discovered allows hackers to continue accessing vulnerable data. As a result, data must be constantly monitored for breaches. Watch for signs of a breach, which could include an unanticipated spike in bandwidth usage. It could represent a red flag and indicate a problem.
COVID-19 Poses New Cybersecurity Concerns
With the coronavirus, businesses have had to adjust to their employees working from home. Despite this, employees still require technology to do their jobs, and they need to be even more vigilant about cybersecurity. Businesses can’t function today without computers, the internet, and Wi-Fi to fulfill job responsibilities. However, employees working from home expose themselves to a host of cyber risks that are reduced when in the work environment.
As with any tragedy, COVID-19 has opened the door to hackers finding new ways to steal data from unsuspecting users, requiring employers to be even more vigilant, while constantly reminding employees to keep their computers secure. As an employer, here’s what you should know.
- Make cybersecurity top of mind. It’s one thing to provide a safe and secure office environment and another when your employees work from home, because you can’t control all the factors in a home environment. Any breach can be devastating to your small business, so you need to be hypervigilant. According to Emil Sayegh, contributing writer at Forbes, “Today we are witnessing a rapid rise of opportunistic cybercriminal activity taking advantage of the chaos created by COVID-19.” And for businesses that are already fighting to remain afloat due to challenges faced during the virus, a cybersecurity breach could quickly shut them down. Sayegh warns that businesses navigating this “new normal” must address weaknesses in their IT strategies exposed by COVID-19 and consider implementing a better preparedness plan to avoid long-term damage.
- Scams involving “masks” are a possibility. Not the masks you wear to avoid COVID, but scammers posing as wolves in sheep’s clothing. Instruct your employees not to click on suspect email, particularly if it relates to COVID-19. Computer criminals try to get people to click on malicious links that install ransomware, a type of malware that threatens to publish the victim’s data or perpetually blocks access unless a ransom is paid. An example is cities and towns that have had their sensitive data held ransom, crippling their operation until money has been paid.
- Scammers use phishing to fool people into giving up money or sending credentials. It’s a fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and banking and credit card details, in which scammers disguise themselves as trustworthy entities by featuring similar logos and other identifying information in an electronic communication. Targets are contacted by email, telephone, or text message by someone posing as a representative of a legitimate institution to lure individuals into providing this kind of data. This information is then used to access important accounts and can result in identity theft and financial loss.
Your employees shouldn’t open suspicious emails or links included in those emails. If unsure an email was sent by someone the employee trusts, it’s best to call the person to confirm they sent the email and/or attachment.
- While numerous passwords are an inconvenience…to say the least, they provide another layer of protection from scammers. While it’s convenient to use the same password for multiple accounts or files, once a scammer gets hold of a password, they then have carte blanche to a broad range of files and sensitive information.
Stress the importance of using strong passwords consisting of upper and lower-case letters, numbers, and symbols, ideally, one that contains eight or more characters.
Finally, make sure your employees DO NOT share their passwords, either via email or text message.
- Employees working from home using Wi-Fi pose a new level of risk for employers. Work computers should be exclusively dedicated to employees doing their jobs from home. They need to be protected from use by family members, visitors, or anyone else entering the home, including service workers. And updates or security patches need to be installed routinely and without delay to protect the computers from malware, software that’s placed on a computer or other device with the intention of doing harm.
- When your employees use a website, have them look for “website certificates,” signs that indicate a site uses encryption to protect the user. There should be either a closed padlock, which, depending on your browser, is located in the status bar at the bottom of your browser window or at the top of the browser window between the address and search fields OR a Uniform Resource Locator (URL) that begins with “https:” rather than just “http:”.
- Cybersecurity training is still a good idea for employees working from home. Knowledge is power in terms of what employees should look for on a daily basis. Plus, the training serves as a top-of-mind refresher.
- Start with reminding your employees not to leave passwords or other confidential information out in the open.
- If they use flash or thumb drives, they need to make sure the drives have been approved prior to use.
- Remind employees what websites are approved for use during working hours, make sure they deactivate pop-ups, and tell them not to download software from disreputable places.
- Email is a portal into cybersecurity breaches. While email filters catch spam and suspicious email, employees still need to be vigilant in reporting suspicious email.
- If visiting social media sites isn’t part of your employees’ work duties, it should be banned on work computers to protect them from phishing attacks.
- Make sure all your employee software is up to date, secure, and routinely monitored for scams.
- ALWAYS back up your data, use multi-factor authentication for additional security, and check that all systems have secure firewalls.
- Keep IT support on standby, as needed. Employees need to know how to reach IT support, even if they have innocuous computer-related questions.
- Consider purchasing cyber liability insurance. It can help to cover your business’s liability if customers’ personal information is taken. If your business has been hacked, the cost can be very high, but cyber insurance can help your business recover from the incident. According to the International Risk Management Institute, cyber insurance can cover expenses, including the cost of notification and credit monitoring.
Hire a Payroll Provider You Can Trust
Your payroll data is very important to cybercriminals. While hackers continue to get better at social engineering to obtain sensitive data, IT companies remain one step ahead by using the latest developments to keep businesses and their sensitive data secure. When you partner with ASAP Payroll Service, be assured they use a cloud computing service that’s agile and delivers fast results. Whether your business is large or small, ASAP Payroll Service can help you choose the development platform or programming model that makes the most sense for your business. And you can choose which services to use, one or several, and how you use them. This flexibility frees you to focus on innovation, not infrastructure. Plus, the cloud computing service they use is a secure, durable technology platform with industry-recognized certifications and audits.
Plus, ASAP Payroll Service teams with an outside IT company that handles all the firewalls and constantly monitors for hackers.
Contact ASAP Payroll Service to learn how they can protect your business from cyber criminals and give you peace of mind. They can be reached at 317 887-2727 or by fax at 317 887-2741.