4 Questions You Should Ask about Data Security

When considering an HR or payroll provider, security is paramount. To handle your HR functions and to process your company’s payroll, the provider has all of your employees’ most confidential and crucial data. You should be asking, “What do they do to protect it?” Here are four key questions you should ask any potential providers about security.

1. Do you have an outside review of your systems such as a SOC 1 or SOC 2? If so, how often and when was the most recent?

Service organizations that affect the financial statements of their clients are often asked to provide a SOC 1 or SOC 2 audit report. These voluntary audits are performed by outside firms and assess the security of the service provider. Examples of companies that typically have SOC 1 or SOC 2 audits include payroll processors, data centers, medical claims processors and Software as a Service (SaaS) companies. For example, Paycor does a SOC 1 audit annually.

2. What are you doing to protect your systems against attacks from the outside or inside the company?

Attacks from the outside can compromise your sensitive data. The provider should conform to best practices to protect their infrastructure and your data. Some defense measures include:

* Layered network security
* Network traffic encryption according to industry standards
* Network traffic monitoring to identify suspicious-looking activity
* Auditing and notification capabilities
* Regular third-party penetration tests and security assessments

To prevent attacks from the inside, that is, from the service organization’s own employees, ask whether the provider has confidentiality policies and regular mandatory training for all employees on how to keep client data secure.

3. What are you doing to protect against fraudulent activity?

Many of the defense measures listed above also come into play when it comes to protecting against fraudulent activity. However, best-in-class service providers may also implement the following in order to detect and prevent fraud:

* Internal auditing and quality assurance practices
* Secure document shredding services
* Independent reviews and audits
* Employee reference checking
* Clear policies and standards for employees

4. What is my role as a client or user, and what are my responsibilities when using your product?

Clients and providers must work together to protect sensitive employee data. It doesn’t matter how many controls the provider has in place if the client leaves passwords where anyone could find them, or does not have processes to catch errors or fraudulent activity on the part of their employees. Many data security mishaps can be avoided if clear expectations are set from the beginning.


Want to learn more about keeping your data secure? Connect with a Paycor representative to discuss how we protect your most sensitive information.
