The Anatomy of Data Protection

Every day, people from all over the world with malicious intent are trying to steal your sensitive information. These plans can be executed in a variety of different ways, whether it’s phishing, malware that monitors your keystrokes, a virus that downloads your saved passwords, hacking of a site where you’ve used a similar password, or numerous other possibilities. At no time is this more prevalent than at the end of the year. The goal of this article is to help you understand these threats and give you the tools to mitigate them, especially during this season when heightened security is needed.

Threats

Malware & Viruses

Malware and viruses, like your average cold, spread from computer to computer inflicting pain. Unfortunately, there is no vaccine or tool that will ever eradicate this problem, but you can take a few steps to limit your risk. First, practice good security hygiene - don’t use the same password on multiple sites and try not to visit sites that are high risk. Second, use an anti-virus program. Lastly, use common sense and be on the lookout for suspicious activity on your computer.

Phishing

Phishing is the attempt to obtain sensitive information for malicious reasons by posing as a trustworthy person or company. This is often done through an electronic communication, such as email, phone call, or website link. Some things to watch out for are:

  • an appeal to authority (“I’m a police officer…”),
  • an appeal to shared experience (“On behalf of Facebook…”),
  • an appeal to urgency (“We need this information today…”),
  • an appeal to emotion (“You’ve won an award for your work…”),
  • threats of harm (“Sally’s house might be foreclosed if we can’t get this information…”), and
  • other suspicious qualities (a foreign accent, bad spelling, website links).

The overall callout here is to be cautious. Some additional precautions to consider are to:

  • hover over links of emails and view the target address before clicking them,
  • only enter sensitive information, including login credentials, into a secure website (https) and never enter it into a non-secure website (http),
  • when entering sensitive information, always be sure that the website has the address you would expect. For example, most legitimate sites will always end with “the name of the company.com”. If there is anything before the .com that you do not expect, hesitate and investigate before entering sensitive data.
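The link checks listed above can also be automated, for example in a mail filter or a training tool. The following Python sketch is an added example, not Paycor code: the function name `link_warnings`, the expected domain `example.com` and all sample links are constructed for illustration.

```python
from urllib.parse import urlsplit


def link_warnings(url, expected_domain):
    """Return the reasons to distrust `url`; an empty list means no flags."""
    parts = urlsplit(url)
    # .hostname is lower-cased and excludes any port or "user@" prefix.
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower()
    warnings = []
    # Sensitive data should only ever go to an https address.
    if parts.scheme != "https":
        warnings.append("not https")
    # In "https://example.com@other.host/" the real host is other.host.
    if parts.username is not None:
        warnings.append("userinfo before @ hides the real host")
    # The host must be the expected domain or one of its subdomains.
    # "example.com.signin.test" merely contains the name; it ends in ".test".
    if not (host == expected or host.endswith("." + expected)):
        warnings.append("host is not under " + expected)
    # Punycode labels can render as lookalike characters in a browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible lookalike characters)")
    return warnings


# Constructed sample links using reserved example/test domains.
SAMPLES = [
    "https://payroll.example.com/login",
    "http://example.com/login",
    "https://example.com.signin.test/reset",
    "https://example.com@login.invalid/",
    "https://xn--exmple-cua.test/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", link_warnings(url, "example.com") or "no flags")
```

An empty result only means none of these specific checks fired; it does not prove a link is safe.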

Protecting Your Tax Documents

One type of attack that is gaining significant traction is the impersonation of executives at an organization through email. There have been a myriad of news stories surrounding successful attacks and the loss of sensitive data when employees have fallen victim to this type of attack. One specific example of this attack is an email that seems to have come from a CEO asking the recipient to reply with the W-2 information of all internal employees. The attackers are getting more and more sophisticated and are specifically targeting employees that they expect to have access to sensitive information. Please be careful if you receive an email like this. It is highly unlikely that a senior leader at your company would ask you for this information in this way or be frustrated by your cautiousness in handling such a request.

Protecting Your Money

A similar attack is impersonation of employees. This may be the oldest variety of social engineering, but it is effective. A common form is a spoofed email or phone call from an employee asking that you change her bank account information. If you get a communication like this, be on high alert and make sure the person you are talking to is the person you think it is and not a criminal ready to walk away with your money.

Using the Right Security Tools

Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a foundational security control supported by Paycor that helps prevent successful attacks involving compromised credentials. Paycor allows clients to utilize this security control in three different varieties: (1) Google Authenticator, (2) phone – text or call, and (3) email.

Google Authenticator is one of the most secure MFA controls on the market and is supported by Paycor. At a high level, it is a time-based, one-time password in the form of a rolling code generated through the Google Authenticator application (which can be downloaded through the app store) used to verify users at login.

Phones offer the next best MFA control that Paycor supports. Users can authenticate at login through text (SMS) or through a phone call.

Email is also an MFA control that Paycor supports. Similar to phone verification, users can authenticate at login by entering the unique one-time code that is sent to their email inbox.

Direct Deposit Notifications

Direct Deposit Notification is a service that Paycor provides to its clients by default for free. This service empowers our clients by sending their employee users proactive notifications of direct deposit account changes so that suspicious changes can be bubbled up to our clients for additional review and, if necessary, escalated through our clients to Paycor for further review and fraud prevention.

Going Further

MFA for your email

Many people use their email inbox consciously or unconsciously as a storage location for sensitive information (e.g. login credentials, banking information, documents containing your Social Security Number, etc.). This has made email inboxes a target for malicious individuals seeking sensitive information. One thing that you can do to help protect your inbox is to investigate available security controls. Major email providers like Google (Gmail) and Yahoo offer MFA controls that can be set up to further mitigate your risk of having your data stolen.

File Your Taxes Early

With breaches being announced every day in the news, it is possible that your information is already in the hands of someone who shouldn’t have it. The best thing you can do to prevent its misuse is to limit the value of the information. Many times compromised information is used for tax fraud. By filing your taxes as soon as possible, you beat the bad guys to the IRS, significantly reducing the value of the information and giving the authorities a better chance of catching them.

Spread the Word

The healthier your community is, the less likely it is that you will get sick. This is true when it comes to computers too. Share your security awareness knowledge with family, friends, and coworkers.

For More Information…

If you are interested in finding out more information about how you can keep your company safe, please visit Paycor Security.
