4 Questions You Should Ask about Data Security
4 Questions You Should Ask about Data Security

4 Questions You Should Ask about Data Security

When considering an HR or payroll provider, security is paramount. To handle your HR functions and to process your company’s payroll, the provider has all of your employees’ most confidential and crucial data. You should be asking, “What do they do to protect it?” Here are four key questions you should ask any potential providers about security.

1. Do you have an outside review of your systems such as a SOC 1 or SOC 2? If so, how often and when was the most recent?

Service organizations that affect the financial statements of their clients are often asked to provide a SOC 1 or SOC 2 audit report. These voluntary audits are performed by outside firms and assess the security of the service provider. Examples of companies that typically have SOC 1 or SOC audits include payroll processors, data centers, medical claims processors and Software as a Service (SaaS) companies. For example, Paycor does a SOC 1 audit annually.

2. What are you doing to protect your systems against attacks from the outside or inside the company?

Attacks from the outside can compromise your sensitive data. The provider should conform to best practices to protect their infrastructure and your data. Some defense measures include:

* Layered network security
* Network traffic encryption according to industry standards
* Network traffic monitoring to identify suspicious-looking activity
* Auditing and notification capabilities
* Regular third-party penetration tests and security assessments

To prevent attacks from the inside, or from the service organization’s employees, ask them if they have confidentiality policies and regular mandatory training for all employees about how to keep client data secure.

3. What are you doing to protect against fraudulent activity?

Many of the defense measures listed above also come into play when it comes to protecting against fraudulent activity. However, best-in-class service providers may also implement the following in order to detect and prevent fraud:

* Internal auditing and quality assurance practices
* Secure document shredding services
* Independent reviews and audits
* Employee reference checking
* Clear policies and standards for employees

4. What is my role as a client or user, and what are my responsibilities when using your product?

Clients and providers must work together to protect sensitive employee data. It doesn’t matter how many controls the provider has in place if the client leaves passwords where anyone could find them, or does not have processes to catch errors or fraudulent activity on the part of their employees. Many data security mishaps can be avoided if clear expectations are set from the beginning.


Want to learn more about keeping your data secure? Connect with a Paycor representative to discuss how we protect your most sensitive information.

More to Discover

CMS Waives Quality Reporting Requirements Due to COVID-19

CMS Waives Quality Reporting Requirements Due to COVID-19

Many government officials are worried the Coronavirus outbreak will overburden the U.S. healthcare system. In a drastic effort to help healthcare providers focus on patient care rather than paperwork, the Center for Medicare & Medicaid Services (CMS) will waive multiple key quality reporting requirements. What Does CMS Waiving Reports Mean for Healthcare Providers? Q4 Reporting Deadlines Are Now Optional The deadlines for 2019 data submission for the Medicare Shared Savings Program, the Quality Payment Program, and affiliated merit-based incentive program (MIPS) will be extended from March 31 to April 30, 2020. MIPS eligible clinicians who miss the April 30 deadline will qualify for the automatic and uncontrollable circumstances...

How to Make Tax-Free Disaster Payments To Employees

How to Make Tax-Free Disaster Payments To Employees

The pandemic is putting a big strain on everyone, maybe most of all your team, and you want to do everything you can to help.In a national emergency, employers have the freedom to offer unlimited tax-free financial assistance to employees who need it, with minimal administrative burdens. These disaster payments will be exempt from both federal income and employment taxes. What Disaster Payments Cover Disaster payment to affected employees can cover a broad range of “personal, family, living or funeral expenses (not covered by insurance)”. These may include: Unreimbursed Medical Expenses This can range from vitamins and over-the-counter medications to co-pays. Cleaning Products Disinfectant and hand-sanitizer for employee’s homes can help...

Paycheck Protection Program (PPP): What You Need to Know About Payroll Protection

Paycheck Protection Program (PPP): What You Need to Know About Payroll Protection

You need payroll protection. The federal government wants to help. Here’s what you need to know. The Paycheck Protection Program (PPP) As part of the $2 trillion aid package unveiled in the Coronavirus Aid Relief & Economic Security (CARES) Act, $349 billion was dedicated to the Payment Protection Program (PPP). This offers federal guaranteed loans to businesses with fewer than 500 employees to cover payroll and other essential costs.The federal government is focused on releasing funds quickly and with as little red tape as possible, giving small businesses a big boost right when they need it. And here’s the best part—if you use the funds to retain (or rehire) your employees, the loans don’t need to be repaid.View Payroll Protection...

Paycor's COVID-19 Command Center

Paycor's COVID-19 Command Center

We're excited to announce the release of Paycor's COVID-19 Command Center, a new analytics solution that delivers instant insights for crisis management. With the COVID-19 Command Center, you'll be able to: Prepare with real time insights Plan with actionable data Respond with the help of HR experts Recover quickly by playing the long game now Discover how your organization can make the best possible decisions with real time data, actionable insights and expert HR counsel.