Year-End Security Checklist

Overview

Every day, hackers with malicious intent are trying to steal your sensitive information. And with more employees shifting to remote work environments, cybersecurity threats continue to increase.

These attacks can be carried out in a variety of ways, including phishing, malware that monitors your keystrokes, a virus that downloads your saved passwords, and the hacking of a site where you’ve used a similar password, among other tactics. And security threats increase as we approach year-end.

In this article, we’ll help you understand these threats and give you the tools to mitigate them, especially during this time when heightened security is needed.

Threats

Malware & Viruses
Malware and viruses, like your average cold, spread from computer to computer inflicting pain. Unfortunately, there is no vaccine or tool that will ever eradicate this problem, but you can take a few steps to limit your risk. First, practice good security hygiene. Don’t use the same password on multiple sites and try not to visit sites that are high risk. Second, use an anti-virus program. Lastly, use common sense and be on the lookout for suspicious activity on your computer.

Phishing

Phishing is the attempt to obtain sensitive information for malicious reasons by posing as a trustworthy person or company. This is often done through an electronic communication, such as email, phone call or website link. Some things to watch out for are:

  • an appeal to authority (“I’m a police officer…”),
  • an appeal to shared experience (“On behalf of Facebook…”),
  • an appeal to urgency (“We need this information today…”),
  • threats of harm (“Sally’s house might be foreclosed if we can’t get this information…”), and
  • other suspicious qualities (a foreign accent, bad spelling, website links).

Some additional precautions to consider are to:

  • Hover over links of emails and view the target address before clicking them,
  • Only enter sensitive information, including login credentials, into a secure website (https) and never enter it into a non-secure website (http),
  • When entering sensitive information, always be sure that the website has the address you would expect. For example, most legitimate sites will always end with “the name of the company.com”. If there is anything before the .com that you do not expect, hesitate and investigate before entering sensitive data.

Protecting Your Tax Documents
One type of attack that is gaining significant traction is impersonating executives at an organization through email. One example of this occurs when someone poses as the company’s CEO and asks the recipient to reply with W-2 information for all internal employees. The attackers are getting more and more sophisticated and are specifically targeting employees that they expect to have access to sensitive information.

Be vigilant if you receive an email like this. It is highly unlikely that a senior leader at your company would ask you for this information, or be frustrated if you take extra precautions in handling such a request.

Using the Right Security Tools

Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a foundational security control supported by Paycor that helps prevent successful attacks involving compromised credentials. Paycor allows customers to utilize this security control in three different varieties: (1) Google Authenticator, (2) phone—text or call and (3) email.

Google Authenticator is one of the most secure MFA controls on the market supported by Paycor. At a high level, it is a time-based, one-time password in the form of a rolling code generated through the Google Authenticator application (which can be downloaded through the app store) used to verify users at login.

Phones offer the next best MFA control that Paycor supports. Users can authenticate at login through text (SMS) or through a phone call.

Paycor also supports MFA control via email. Similar to phone verification, users can authenticate at login by entering the unique one-time code that is sent to their email inbox.

Direct Deposit Notifications
Direct Deposit Notification is a service that Paycor provides to customers by default at no additional cost. It empowers customers by sending their employee users proactive notifications of account changes so that suspicious changes can be flagged for additional review and, if necessary, escalated to Paycor for additional review and fraud prevention.

Risk-Based Fraud Alerts
Risk-Based Fraud Alerts is another service that Paycor provides at no additional cost. This service provides a safety net for our customers who are doing their best to provide timely support, while also validating the requests that they receive. This service alerts administrators when an update to an employee’s bank account may require additional verification as a result of fraudulent indicators – allowing you to prevent fraud before it occurs.

Going Further

MFA for your email
Many people use their email inbox, consciously or unconsciously, as a storage location for sensitive information (e.g. login credentials, banking information, documents containing your Social Security Number, etc.). This makes inboxes a target for malicious individuals seeking sensitive information. To help protect your inbox, investigate available security controls. Major email providers like Google (Gmail) and Yahoo offer MFA controls that can be set up to further mitigate your risk of data theft.

File Your Taxes Early
Chances are your sensitive data may already be compromised. With breaches being announced every day in the news, it is possible that your information is already in the hands of the wrong person. The best thing you can do to prevent its misuse is to limit the value of the information. Often, compromised information is used for tax fraud. By filing your taxes as soon as possible, you beat the bad guys to the IRS, making the information worthless to them and giving the authorities a better chance of catching the perpetrators.

Spread the Word
Be proactive when informing your workforce of potential threats. Consider using your company intranet, all-staff meetings or video communications to share examples of potential threats to increase awareness and help prevent risk.

For More Information…

If you are interested in finding out more information about how you can keep your company safe, please visit https://www.paycor.com/security.