With cyberattacks targeting employee data increasing in number and sophistication, employers need robust, multilayered security systems in place to guard against attacks and their repercussions, the vice president and chief operating officer of PenSoft said May 16.
“It is no longer just an isolated problem,” said Stephanie Salavejus, CPP. “Many would say it’s a pandemic. Organizations on a daily basis are finding themselves victims of various phishing schemes or attempts to extract sensitive data from their organization.”
“These perpetrators are very, very determined. They have patience,” Salavejus said at the annual American Payroll Association Congress in Orlando, Fla. “They’re willing to keep trying again and again. And the sad thing is they’re becoming very successful at finding the weak points.”
As cybercriminals broaden their entry points into organizations, the scope of who may be considered culpable in the wake of a successful attack may widen too, Salavejus said. “Security is no longer I.T.’s problem because if there is a data breach and you get investigated, trust me, if that data breach occurred in payroll you’re going to be sitting in front of an officer answering questions,” she said.
Business owners also could face legal repercussions, Salavejus said. “I think what you’re going to see in the coming years is there’s going to be more legislation geared towards protecting consumers and taxpayers against organizations that have poor security protocols in place,” she said.
What Can Employers Do?
When determining protection against a cyberattack, employers should know it is a matter of when, not if, an attack will occur, Salavejus said.
“Our objective is to deter the criminals. Make it hard. Make it frustrating,” Salavejus said. “To some extent make it not worth their while to keep trying to find a back door.”
People are the weakest link when it comes to data security, Salavejus said. To mitigate that risk, employers should have a written security protocol that is reviewed annually. Employees should receive annual training to ensure they remain compliant, she said.
Additionally, employers should limit the number of personal devices that connect to the company’s network. An iPod, mobile phone, USB flash drive or camera could introduce a virus to the employer’s network, Salavejus said.
An internal hotline that allows employees to report any suspicious activity they see may also be helpful, Salavejus said. Thirty-eight percent of targeted attacks in 2016 were caused by malicious actions of employees, she said.
Employers should also research the vendors and third-party providers they hire, Salavejus said. “Ask the tough questions,” she said.
When assessing risks, employers should ask about data storage, who may access it, how securely it is stored and for how long, Salavejus said.
Employers also should ensure that endpoint protection is used to its fullest capability, Salavejus said. Cybersecurity monitoring services and insurance may be worth considering, she said.
Programs like those are expensive, but should be weighed against the cost of a potential breach, Salavejus said. “As a business owner, or even a university or a health care facility, what is the cost if you have a major data breach? For some organizations it will shut you down,” she said.