Encryption, firewalls, passwords and clouds: If these terms make your eyes glaze over, we understand. But they’re critical when it comes to protecting your sensitive data, especially when you’ve outsourced your payroll to a third-party provider.
To sleep soundly at night, you want certainty your payroll partner is safeguarding your data. Andrew Spidle, Director of IT, weighs in on three key areas you should ask about and understand. Spidle boasts 22 years IT experience and has been with Axcet HR Solutions for more than 11 years.
Your outsourced payroll provider should have multiple security measures in place to prevent unauthorized viewing of information going back and forth between you and them, including:
- Encrypted email: Your provider should maintain its email servers in-house in a secure environment, and email between servers should be transmitted over a secure connection.
- Encrypted sensitive information: Sensitive employee data should be encrypted with a password before it is electronically transmitted anywhere so that only authorized individuals may access it. Axcet HR Solutions also encourages clients and business partners to use passwords when sending documents to reduce the risk of compromising sensitive data.
Another security measure we take is reminding our clients to train their employees to recognize “phishing” emails and to avoid clicking on suspicious emails or file attachments. Hackers commonly use phishing emails to steal data and deploy damaging ransomware and malware.
Consider these sobering statistics from the Ponemon Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Businesses Report: The percentage of small businesses that experienced a cyber attack rose from 55 percent in 2016 to 61 percent in 2017, at a cost of $2.235 million. That figure is comprised of malware-related costs from damage or theft of IT assets and disruption to normal business operations. And, according to the 2018 Verizon Data Breach Investigations Report, 92.4 percent of malware is delivered via email and 58 percent of malware attack victims are small businesses.
- Secure file transfer: Using the latest web security on client interfaces and file upload/download portals reduces the ability for hackers to monitor communications between you and your payroll provider.
- Identity validation: Your payroll partner should authenticate information from a personnel file before engaging in conversation with someone who claims to be one of your employees. A common method of stealing an identity is to trick service providers into revealing information about an individual by pretending to be that person. Your provider’s employees should be trained to avoid such scams and be regularly tested in verification methods.
Your payroll provider should require its employees to complete intensive, ongoing security training, emphasizing the importance of secure passwords and emails, computer protection and how to avoid phishing and identity theft scam. At Axcet, employees must pass a test on each of these topics. Afterward, they are randomly tested with real-life situations through simulated hacking, phishing email scams and “vishing” phone calls. Any failures throughout their Axcet careers are remediated with additional training and practice scenarios.
Axcet also strictly adheres to a “clean desk” policy, explicitly described in our handbook, that prohibits employees from leaving out any exposed client information after work hours.
Secure Data Storage
For your added peace of mind, your payroll partner should maintain its own cloud environment and multi-layered security. The company should retain full control, all the way from the cloud application itself to physical access to the servers, so that no one can access the data or the facilities without the provider’s direct knowledge.
Because Axcet HR Solutions maintains its own cloud, we do not have to compromise our high standards or meet the lowest common requirement due to other “tenants” who share physical hardware in a public cloud environment. Our client data are surrounded by security layers that include firewalls, network security, access control and a locked room where our servers are located. Clients’ raw data are structured to prevent other programs from reading it, and Axcet uses encryption to further obscure the data location.
Axcet HR Solutions stakes our reputation on securing your data every day. We budget any resources necessary for the most advanced security measures. We regularly train our employees to protect data. We continuously back up data with redundant systems. And we maintain as much control as possible over storage procedures.
We care for your data like it's our own, so you can rest easy partnering with Axcet for your payroll or any other HR function. Here are six reasons Kansas City small and medium-sized businesses have been trusting Axcet HR Solutions with their business' payroll needs for more than 30 years.