4 Questions You Should Ask about Data Security

When considering an HR or payroll provider, security is paramount. To handle your HR functions and to process your company’s payroll, the provider has all of your employees’ most confidential and crucial data. You should be asking, “What do they do to protect it?” Here are four key questions you should ask any potential providers about security.

1. Do you have an outside review of your systems such as a SOC 1 or SOC 2? If so, how often and when was the most recent?

Service organizations that affect the financial statements of their clients are often asked to provide a SOC 1 or SOC 2 audit report. These voluntary audits are performed by outside firms and assess the security of the service provider. Examples of companies that typically have SOC 1 or SOC 2 audits include payroll processors, data centers, medical claims processors and Software as a Service (SaaS) companies. For example, Paycor does a SOC 1 audit annually.

2. What are you doing to protect your systems against attacks from the outside or inside the company?

Attacks from the outside can compromise your sensitive data. The provider should conform to best practices to protect their infrastructure and your data. Some defense measures include:

* Layered network security
* Network traffic encryption according to industry standards
* Network traffic monitoring to identify suspicious-looking activity
* Auditing and notification capabilities
* Regular third-party penetration tests and security assessments

To guard against attacks from the inside, that is, from the service organization’s own employees, ask whether the provider has confidentiality policies and regular mandatory training for all employees on how to keep client data secure.

3. What are you doing to protect against fraudulent activity?

Many of the defense measures listed above also help protect against fraudulent activity. However, best-in-class service providers may also implement the following in order to detect and prevent fraud:

* Internal auditing and quality assurance practices
* Secure document shredding services
* Independent reviews and audits
* Employee reference checking
* Clear policies and standards for employees

4. What is my role as a client or user, and what are my responsibilities when using your product?

Clients and providers must work together to protect sensitive employee data. It doesn’t matter how many controls the provider has in place if the client leaves passwords where anyone could find them, or does not have processes to catch errors or fraudulent activity on the part of their employees. Many data security mishaps can be avoided if clear expectations are set from the beginning.

