Paycor Security: How We Keep You Safe

Can your employees trust you?


Can Your HCM Provider Protect Your Data?

Why Data Security Is Important

As an HR manager, your employees trust you to keep their information safe. But do you have the same level of faith in your HCM provider? HR databases are an ideal target for hackers. They contain the critical information hackers prey on, including Social Security numbers, bank account numbers, check stubs, and family information.

With hackers collecting more information by the day, does your HCM provider have the right defenses in place to protect your data?

Does Your Provider Utilize These Security Measures to Keep Your Data Safe?

Now’s the time to ask tough questions about how they’re keeping your employees’ information secure.

Paycor carries a SOC 2 Type 2 under the Trust Principles of Security, Processing Integrity, Availability, and Confidentiality. This audit is performed by an AICPA certified firm that attests to our operational maturity under the listed Trust Principles. The SOC 2 Type 2 ensures implementation of an information security management system, includes procedures to ensure information security in outsourced data processing, and includes implementation of a business continuity management system.

Multi Factor Authentication

This safeguard helps to counter employees recycling the same password on multiple platforms. To access the database, users are required to enter their username and password and complete additional authentication requirements such as email, text message, phone call, or biometric identification.

Dedicated Risk Assessment Team

Cybersecurity threats are constantly evolving and becoming more complex. It takes a dedicated team to implement and test new security protocols and prevent secure data from falling into the wrong hands.

Google Authenticator

Google Authenticator provides users with a randomized six-digit code that must be retrieved and entered to access information. This added authentication eliminates the risk posed by an email account or phone number that has been compromised through phishing or hacking.

Company Controlled Laptops

Do you know if your provider allows employees to use their own device or laptop to access your information? Requiring employees to use secure, encrypted, company controlled laptops ensures your data is protected from hackers.

Data Encryption

Transferring sensitive data across platforms can pose great risk. Most companies and HCM providers encrypt their data in transit to make it useless to hackers, but your sensitive data could still be compromised while idle. Ensure that your HCM provider has database level encryption to protect your information.

Paycor Security: How We Protect Your Data

Paycor is serious when it comes to keeping client payroll and personal information confidential and secure.

Intrusion Detection and Intrusion Prevention System

Our servers and networks are stored in enterprise-class data centers that can detect patterns and signatures of malicious activity. Our infrastructure is fully redundant with continuous live backups ensuring data consistency and reliability.

Industry Leading Encryption

Paycor encrypts every endpoint where customer data is stored. This includes disk level encryption to prevent files from being transferred from a company laptop or server if the device is stolen. Paycor also encrypts data at the file level to prevent online database breaches.

Advanced Threat Detection

Our Advanced Threat Detection feature combats “zero day” viruses that are still unknown by the cyber security community. It uses behavioral analytics like file access patterns to proactively isolate the infected endpoints before a data breach occurs.

Vulnerability Scanning

Paycor has its own dedicated security team that performs vulnerability scans and penetration tests across our entire network. We also rotate third party software companies to perform software scans on our network twice per year.

Keeping your employees’ information safe and payments accurate is a shared responsibility.

Follow these basic tips:

  • Use a strong and unique password for paycor.com
  • Guard your email account and mobile device for two-step authentication
  • Do not share your password with anyone
  • Keep your antivirus, web browsers, and operating system up to date with security patches
  • Be cognizant of phishing and malware emails
  • Only use trusted devices and be careful of free Wi-Fi
  • Let us know if you have concerns about your account security

For further details about doing your part and keeping your employees safe, please view the resources below:

How to Keep Your Account Safe

Your account has access to a great deal of information. Whether it is only your personal information or that of all employees, it is critical to have controls protecting this access.

Device Security

Computer malware can cause a significant security issue for your company. Modern malware steals usernames and passwords, and can even allow a malicious user to send traffic directly through your computer. These are some general suggestions for keeping your device safe.

What is Phishing?

“Phishing” is a situation where an individual receives a fraudulent email that appears to be sent by a trusted vendor in order to steal personal information. Phishing attempts can be very convincing, as the web site requesting information can seem very similar to the legitimate vendor’s site. There are some best practices that Paycor recommends to prevent you or your employees from becoming victims of this type of attack.

  1. Validate the sender: When you receive emails from Paycor, ensure that the address ends in @paycor.com.
  2. Validate the URL: When entering your username and password, check the URL in the browser to ensure that it is indeed the correct address and that it is protected with “HTTPS” at the front of the URL.
  3. Look for inconsistencies: Oftentimes, phishing attempts can contain subtle differences in the design of the site. Be sensitive to nuances such as misspellings or poor graphics.
  4. Look for threats: Phishing attempts often warn of bad consequences if an action is not taken immediately or within a certain period of time.
  5. Enable Multi-Factor Authentication: Multi-factor authentication is an additional and significantly effective security measure that requires a “second factor” such as a secure code to authenticate.
  6. Ensure a strong password: We recommend your password include a combination of lower and upper-case characters, numbers and other symbols.
  7. It is important to note that Paycor will never request that your username or password be sent via email.
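Steps 1 and 2 are easy to get wrong when a mail filter or helpdesk script automates them, because a plain "contains paycor.com" test passes lookalike addresses and hosts. The following is an added example, not Paycor's code: it checks the parsed sender address and the URL hostname, assumes that subdomains of paycor.com are legitimate, and uses constructed sample values.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paycor.com"  # named on the page; trusting its subdomains is an assumption


def host_is_trusted(host: str) -> bool:
    """True only for the trusted domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def sender_is_trusted(from_header: str) -> bool:
    """Step 1: judge the parsed address of a From: header, never the display name."""
    _display, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return bool(sep and local) and host_is_trusted(domain)


def login_url_is_trusted(url: str) -> bool:
    """Step 2: require https and a trusted hostname; userinfo and path are ignored."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""
    except ValueError:  # malformed URL, for example a broken IPv6 literal
        return False
    return parts.scheme == "https" and host_is_trusted(host)


# Constructed samples: one genuine-looking value and common lookalike patterns.
SAMPLE_SENDERS = [
    "Paycor <alerts@paycor.com>",
    '"support@paycor.com" <billing@paycor-secure.example>',  # display-name spoof
    "hr@paycor.com.mail.example",                            # trusted name as a prefix
]
SAMPLE_URLS = [
    "https://www.paycor.com/login",
    "http://www.paycor.com/login",          # not HTTPS
    "https://paycor.com.login.example/",    # trusted name as a subdomain label
    "https://paycor.com@login.example/",    # trusted name in the userinfo part
]

if __name__ == "__main__":
    for s in SAMPLE_SENDERS:
        print(f"{sender_is_trusted(s)!s:5}  {s}")
    for u in SAMPLE_URLS:
        print(f"{login_url_is_trusted(u)!s:5}  {u}")
```

A passing result only means the address and hostname are in the expected domain; the From: header itself can be forged, so the remaining steps in the list still apply.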

We utilize SMS or email-based two-step authentication as an added protection for signing in. Our applications offer workflows and generate notifications for high-risk changes like direct deposit changes or account lockouts.

What Should I Do If I Receive a Suspicious Email?

If you or your employees have received a suspicious email, we recommend that you delete it immediately. If you or your employees have entered information such as a username, password, or other confidential information into a suspicious site, we recommend that the password for the account be changed immediately. Please contact your specialist with additional questions.

Paycor Customer Alert: Fraudulent Unemployment Claims

We’ve learned that some Paycor customers are receiving questionable unemployment claims and are seeking authentication from us. After reviewing our internal systems, we’ve confirmed these fraudulent unemployment claim verifications are not connected with Paycor and aren’t related to any previous incidents.
As an employer, you may receive a request to verify unemployment claims for several reasons. Paycor is unable to confirm the validity of these claims, but common scenarios include:

  • An employee who was terminated or furloughed filed a claim.
  • An employee filed a claim while they still work for you.
  • Someone stole a former employee’s ID and filed a claim for the time that employee worked for you.

If you think your organization or one of your employees was a victim of unemployment fraud, alert your state’s Department of Labor.


As part of Paycor’s Incident Response Process, we took steps to validate the threat immediately upon learning of the disclosure. As part of that investigation, we have confirmed that Paycor was not impacted by the SolarWinds data breach. We continue to closely monitor the situation.

At Paycor, one of our guiding principles is to Take Care of Customers First, so we will continue to monitor this situation as your data security is a top priority.