While payroll professionals are well-schooled in how to recover from the effects of hurricanes, floods, fires, power failures and other disasters, little has been taught about what to do with computer systems after a breach or other event compromises the integrity of pay systems.
Different types of plans need to be developed and new kinds of risks should be assessed, depending on the type of compromise. How quickly payroll can get back up and running after an event depends on the type of incident, a corporate-developed decision tree and the service provider that is to investigate and remedy the problem.
Two general categories of data and system compromise emerge as most likely to occur.
First, there are those looking to mine data, often for personal-identifying information. This can occur through phishing schemes and by staff members who fail to follow security protocols and lose laptop computers or leave systems open to hacking into otherwise secure environments.
The other category includes attempts to compromise the integrity of a network and irreparably harm the organization.
In both situations, instigators could be from within the organization that is under attack, or at least were able to obtain password or systems information from someone within the company. Infiltrators also may have had more secure access to systems.
Regardless of how the breach occurred, the risk protocol for addressing a payroll-systems issue is basically the same as for other data-compromise situations, said David Meyer, vice president of products at OneLogin, a California company that specializes in identity and access management solutions.
Data-security experts interviewed by Bloomberg BNA agreed that each situation is different, and there is no one-size-fits-all solution for remedying data-security incidents.
Some general guidelines, however, may be considered and applied, and payroll professionals should know what actions need to be taken after a security breach.
“Every company should have someone responsible for security incident response,” Meyer said, adding that the payroll department should know how to contact that person.
The organization also should have an incident-response plan, similar to a disaster-response and business-continuity plan, but tailored to critical systems issues.
To help assess risks and make determinations as part of the incident-response plan, employers often rely on third-party security firms that have the resources to perform thorough examinations. The role of these groups is included in an organization's incident-response plan, and large employers have arrangements set up to quickly bring in these experts.
Payroll professionals may ask: What can we do to get payroll running again after an incident? The answer depends on the severity of the compromise and the assessment from the team involved in the incident-response plan.
A “data spill” situation does not necessarily mean payroll needs to scrap the pay system, or even halt or delay the next pay cycle, Bloomberg BNA was told. A default mechanism for preventing additional leaks is to “get bad people out” of the system by resetting passwords and adding authentication protocols, Meyer said. After a full system review, the response team may provide the go-ahead to payroll that processing may proceed.
When data are corrupted or modified, or the system has been infiltrated, such as if wage deposits have been misdirected, the response team should identify all modified user records, determine the scope of the liability and assess the damage, Meyer said. A proper examination of the systems with identity controls should be able to inform the team who accessed what records and when, he said.
Depending on existing capabilities and backups, the ability to restore payroll data from backed-up files after a systems problem has been patched is one scenario of recovery for these breaches. Those in payroll would have to be a part of the process to remediate and recover, involved with the incident response team.
In the end, the cure to responding to an incident can run the gamut of a password reset to applying for a cyber insurance claim for victims of attacks. This is why it is important that leadership and personnel, including payroll, create and execute an effective remediation plan.
For more information: To learn more about payroll’s response to data security incidents, see the strategic white paper, “System Breaches and Payroll,” that recently was published for subscribers to Bloomberg BNA’s Payroll Decision Support Network.
Take a free trial of Bloomberg BNA’s Payroll Decision Support Network, your one-stop resource for reliable, up-to-date guidance and analysis in every area of payroll administration and compliance.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)