4 Questions You Should Ask about Data Security

When considering an HR or payroll provider, security is paramount. To handle your HR functions and to process your company’s payroll, the provider has all of your employees’ most confidential and crucial data. You should be asking, “What do they do to protect it?” Here are four key questions you should ask any potential providers about security.

1. Do you have an outside review of your systems such as a SOC 1 or SOC 2? If so, how often and when was the most recent?

Service organizations that affect the financial statements of their clients are often asked to provide a SOC 1 or SOC 2 audit report. These voluntary audits are performed by outside firms and assess the security of the service provider. Examples of companies that typically have SOC 1 or SOC 2 audits include payroll processors, data centers, medical claims processors and Software as a Service (SaaS) companies. For example, Paycor does a SOC 1 audit annually.

2. What are you doing to protect your systems against attacks from the outside or inside the company?

Attacks from the outside can compromise your sensitive data. The provider should conform to best practices to protect their infrastructure and your data. Some defense measures include:

* Layered network security
* Network traffic encryption according to industry standards
* Network traffic monitoring to identify suspicious-looking activity
* Auditing and notification capabilities
* Regular third-party penetration tests and security assessments

To prevent attacks from the inside, that is, from the service organization’s own employees, ask whether the provider has confidentiality policies and regular mandatory training for all employees on how to keep client data secure.

3. What are you doing to protect against fraudulent activity?

Many of the defense measures listed above also come into play when it comes to protecting against fraudulent activity. However, best-in-class service providers may also implement the following in order to detect and prevent fraud:

* Internal auditing and quality assurance practices
* Secure document shredding services
* Independent reviews and audits
* Employee reference checking
* Clear policies and standards for employees

4. What is my role as a client or user, and what are my responsibilities when using your product?

Clients and providers must work together to protect sensitive employee data. It doesn’t matter how many controls the provider has in place if the client leaves passwords where anyone could find them, or does not have processes to catch errors or fraudulent activity on the part of their employees. Many data security mishaps can be avoided if clear expectations are set from the beginning.


Want to learn more about keeping your data secure? Connect with a Paycor representative to discuss how we protect your most sensitive information.
