Posted By PayNW May 12, 2023
News of information security breaches is becoming commonplace. High-profile data breaches of national retailers, medical providers and insurers, and most famously, our government, has people feeling anything other than protected. In addition, businesses are scrambling to review their systems to make sure that they, and their customers, are not the next victim of an attack.
Keeping Employee Data Secure
Payroll and Human Capital Management companies are not immune to this threat to data security. These types of companies manage data that is valuable to hackers intent on securing personally identifiable information to sell on the open market or use in direct fraudulent schemes.
Acknowledging the danger, and in response to this rapidly evolving battleground and methods of attack, many companies are moving quickly to harden their systems.
Today’s cloud-based human capital management systems, like PayNW's, are built with principles of security, reliability, and accessibility. They are also based on usability. And therein lies the tension. How do managers keep data secure and save time on HR tasks and other administrative duties?
HCM Data Security
Human capital management (HCM) systems include payroll, talent acquisition, HRIS, timekeeping, scheduling, and benefits administration, and thus an important aspect of HCM software is that a large portion of your workforce actually uses it.
Each employee has his or her login in order to check pay information, enroll in benefits, request time off, swap schedules, etc. And yet, as the number and variety of sophistication level of the workers increase, the challenge of maintaining a secure system for all goes up. And as security measures are tightened, the usability of the system can go down as well.
And so, a tightrope walk between solid data security and system usability is made by purveyors of these now essential employee administration systems.
HR Data Security at PayNW
Recently, PayNW, in the interests of the security of the very important information that its clients put in its trust, asked all its users to conform to a new set of tightened security procedures and policies.
We would like to thank our many thousands of users who log in to the system every day for their willingness to adapt to this change. This is a cost of time and convenience that we asked all to bear in the interest of a more secure computing environment for everyone. We are grateful for our wonderful clients’ understanding, willingness to adapt, and from many, their encouragement of our efforts.
Strategies for Keeping Data Secure
In today’s world, data security is not obtained through one person or one company. Today’s systems and data are linked in a chain of dependency going from the user to the device, to the application, to the telecom provider, to the data center, and on and on. It takes every link in the chain to do its part.
Payroll and HCM companies like PayNW are audited on our security measures including our software vendors and data centers.
But users are not in the business necessarily of thinking through how to best protect their, and their colleague's data.
Here are a few system policies that are becoming best practices, if not standard requirements, for any user logging into a system with sensitive information:
- Strong passwords. Usually of a minimum length of 6-8 characters requiring a combination of upper and lower case and special characters
- Multi-factor authentication (MFA). Adding an additional level beyond a password to prove you are who you say you are. Often times this additional level relates to the device you “have” or are using.
- Password change. The bane of our existence, I know, but requiring password changes after a certain amount of time helps clear out the most egregious openings in a system if a password is not properly protect.
- Notification of changes. Creating notifications that go out to the user of any changes to the users log in credentials.
This is what life will look like for most of us, across all of our important logins (irs, bank, health providers, payroll providers, insurance providers, etc.). For the time being. The cat and mouse game between hackers and security professionals will continue. The state of the art in securing personally identifiable information will evolve as that game is played out.
In the meantime, we – your payroll and system vendor – will do everything we can to make sure that data security remains our most important objective.