The following is a question-and-answer conversation with an administrative employment expert who was nice enough to take the time to reply to some questions. Please read it knowing that this is input from an experienced professional, Christina Hageny of Valor Payroll Solutions.
What are your biggest concerns with personal identifying information for your employees and customers?
“Too often business owners don't realize the risk that is posed when they email secure data. We utilize two-factor authentication on every login that we have, but most people do not. This leaves your email open to hacks. If you're sending secure data via email, and your email gets hacked, everything that you've ever sent is now in the hands of a cyber-criminal.”
Valor Payroll Solutions
What are your methods for protecting the end user of your services?
• We use two-factor authentication for all logins, including (but not limited to) our email, payroll system, project management system, and secure file storage system.
• We use secure passwords and a password storage platform that requires two-factor authentication.
• We provide access to our secure data storage platform so that clients have a way to send information securely.
• We have EFT limits in place to ensure that payrolls outside of the normal range cannot be pushed through without our intervention.
• We try to inform clients of the potential risks of sending secure data using methods that are not secure (such as email), and will not accept emailed information from clients for this reason. We do not allow employees to request changes from us directly, which also helps to ensure that the requests we are receiving are legitimate.
• Each client has one designated payroll rep to work with, so we can more easily identify things that might be out of the norm.
• We are extremely vigilant when a prospect inquires about payroll services to ensure that the person and business are legitimate. What clients may not realize is that people are constantly trying to scam payroll services by setting up fake accounts, processing payments to banks that they have access to draw the funds from, and then NSFing on the debit. We not only perform credit checks but also do our homework by researching the person and the business. If the details don't add up, we do not move forward with setting up the client.
Have you seen certain practices that fall short of protecting a client from getting their information stolen?
• Clients should be wise when creating passwords - they should create secure passwords that are not easy to guess, not use the same password for multiple platforms, and keep the passwords stored in a secure place that is accessible remotely.
• Clients should enable two-factor authentication whenever possible, but more importantly on their email.
• If clients followed these two simple rules, I believe the instance of having information stolen would decrease dramatically.
How has information loss or data breaching affected any of your employees or clients in the past?
• At a previous company that I worked for, I experienced a hack firsthand. An employee's email was hacked, and the hacker then used that email to request a direct deposit change. This change went to the employee's manager, who implemented the request. Several pay periods later the employee asked the manager why she was not receiving her direct deposits, and it wasn't until the employee brought it to the manager's attention that they realized what had happened.
Is there a method you have developed that helps keep your clients safe from data breaches and what is it?
• Clients are required to set up two-factor authentication to log in to our payroll platform. This ensures that their employees' data is safe from being compromised.
• We do not accept emailed information or requests that contain sensitive information such as bank account numbers or social security numbers. We request that clients utilize one of our secure options - electronic onboarding, fax, or upload to our secure data platform.