4 Questions You Should Ask about Data Security

When considering an HR or payroll provider, security is paramount. To handle your HR functions and to process your company’s payroll, the provider has all of your employees’ most confidential and crucial data. You should be asking, “What do they do to protect it?” Here are four key questions you should ask any potential providers about security.

1. Do you have an outside review of your systems such as a SOC 1 or SOC 2? If so, how often and when was the most recent?

Service organizations that affect the financial statements of their clients are often asked to provide a SOC 1 or SOC 2 audit report. These voluntary audits are performed by outside firms and assess the security of the service provider. Examples of companies that typically have SOC 1 or SOC 2 audits include payroll processors, data centers, medical claims processors and Software as a Service (SaaS) companies. For example, Paycor does a SOC 1 audit annually.

2. What are you doing to protect your systems against attacks from the outside or inside the company?

Attacks from the outside can compromise your sensitive data. The provider should conform to best practices to protect their infrastructure and your data. Some defense measures include:

* Layered network security
* Network traffic encryption according to industry standards
* Network traffic monitoring to identify suspicious-looking activity
* Auditing and notification capabilities
* Regular third-party penetration tests and security assessments

To prevent attacks from the inside, that is, from the service organization’s own employees, ask whether the provider has confidentiality policies and regular mandatory training for all employees on how to keep client data secure.

3. What are you doing to protect against fraudulent activity?

Many of the defense measures listed above also come into play when it comes to protecting against fraudulent activity. However, best-in-class service providers may also implement the following in order to detect and prevent fraud:

* Internal auditing and quality assurance practices
* Secure document shredding services
* Independent reviews and audits
* Employee reference checking
* Clear policies and standards for employees

4. What is my role as a client or user, and what are my responsibilities when using your product?

Clients and providers must work together to protect sensitive employee data. It doesn’t matter how many controls the provider has in place if the client leaves passwords where anyone could find them, or does not have processes to catch errors or fraudulent activity on the part of their employees. Many data security mishaps can be avoided if clear expectations are set from the beginning.


Want to learn more about keeping your data secure? Connect with a Paycor representative to discuss how we protect your most sensitive information.
