4 Questions You Should Ask about Data Security

When considering an HR or payroll provider, security is paramount. To handle your HR functions and to process your company’s payroll, the provider has all of your employees’ most confidential and crucial data. You should be asking, “What do they do to protect it?” Here are four key questions you should ask any potential providers about security.

1. Do you have an outside review of your systems such as a SOC 1 or SOC 2? If so, how often and when was the most recent?

Service organizations that affect the financial statements of their clients are often asked to provide a SOC 1 or SOC 2 audit report. These voluntary audits are performed by outside firms and assess the security of the service provider. Examples of companies that typically have SOC 1 or SOC 2 audits include payroll processors, data centers, medical claims processors and Software as a Service (SaaS) companies. For example, Paycor does a SOC 1 audit annually.

2. What are you doing to protect your systems against attacks from the outside or inside the company?

Attacks from the outside can compromise your sensitive data. The provider should conform to best practices to protect their infrastructure and your data. Some defense measures include:

* Layered network security
* Network traffic encryption according to industry standards
* Network traffic monitoring to identify suspicious-looking activity
* Auditing and notification capabilities
* Regular third-party penetration tests and security assessments

To guard against attacks from the inside, that is, from the service organization’s own employees, ask whether the provider has confidentiality policies and regular mandatory training for all employees on how to keep client data secure.

3. What are you doing to protect against fraudulent activity?

Many of the defense measures listed above also come into play when it comes to protecting against fraudulent activity. However, best-in-class service providers may also implement the following in order to detect and prevent fraud:

* Internal auditing and quality assurance practices
* Secure document shredding services
* Independent reviews and audits
* Employee reference checking
* Clear policies and standards for employees

4. What is my role as a client or user, and what are my responsibilities when using your product?

Clients and providers must work together to protect sensitive employee data. It doesn’t matter how many controls the provider has in place if the client leaves passwords where anyone could find them, or does not have processes to catch errors or fraudulent activity on the part of their employees. Many data security mishaps can be avoided if clear expectations are set from the beginning.


Want to learn more about keeping your data secure? Connect with a Paycor representative to discuss how we protect your most sensitive information.
