4 Questions You Should Ask about Data Security

When considering an HR or payroll provider, security is paramount. To handle your HR functions and to process your company’s payroll, the provider has all of your employees’ most confidential and crucial data. You should be asking, “What do they do to protect it?” Here are four key questions you should ask any potential providers about security.

1. Do you have an outside review of your systems such as a SOC 1 or SOC 2? If so, how often and when was the most recent?

Service organizations that affect the financial statements of their clients are often asked to provide a SOC 1 or SOC 2 audit report. These voluntary audits are performed by outside firms and assess the security of the service provider. Examples of companies that typically have SOC 1 or SOC 2 audits include payroll processors, data centers, medical claims processors and Software as a Service (SaaS) companies. For example, Paycor does a SOC 1 audit annually.

2. What are you doing to protect your systems against attacks from the outside or inside the company?

Attacks from the outside can compromise your sensitive data. The provider should conform to best practices to protect their infrastructure and your data. Some defense measures include:

* Layered network security
* Network traffic encryption according to industry standards
* Network traffic monitoring to identify suspicious-looking activity
* Auditing and notification capabilities
* Regular third-party penetration tests and security assessments

To prevent attacks from the inside, that is, from the service organization’s own employees, ask the provider whether it has confidentiality policies and regular mandatory training for all employees about how to keep client data secure.

3. What are you doing to protect against fraudulent activity?

Many of the defense measures listed above also come into play when it comes to protecting against fraudulent activity. However, best-in-class service providers may also implement the following in order to detect and prevent fraud:

* Internal auditing and quality assurance practices
* Secure document shredding services
* Independent reviews and audits
* Employee reference checking
* Clear policies and standards for employees

4. What is my role as a client or user, and what are my responsibilities when using your product?

Clients and providers must work together to protect sensitive employee data. It doesn’t matter how many controls the provider has in place if the client leaves passwords where anyone could find them, or does not have processes to catch errors or fraudulent activity on the part of their employees. Many data security mishaps can be avoided if clear expectations are set from the beginning.


Want to learn more about keeping your data secure? Connect with a Paycor representative to discuss how we protect your most sensitive information.
