WHY WE NEED TO TALK ABOUT RISK MANAGEMENT & DATA SECURITY

Organizations that have the greatest reach in terms of business and clientele should mandatorily institute enterprise-wide risk management policies that shield them from online theft and data breaches. Protecting the business from cyber fraud not only adds to one’s reputation as a credible business partner, but also ensures the security of company and financial data from malicious hackers.

Payroll companies, which service large head counts, need to take risk management very seriously. It’s not just the sheer number of accounts they handle, but the sensitive personal employee details, banking information, transactions, bank account numbers and benefits that make security a priority. Team members who handle such sensitive client data should be well trained to detect, handle and report malware or suspicious activity as soon as they encounter it.

Data, as we know, travels through several servers, networks (protected and unprotected) and spends time getting uploaded and downloaded seamlessly from the Cloud. Though technology has made information availability ubiquitous, there are several disadvantages that not only affect client data, but one’s own company data too.

Online fraudsters can wreak serious damage on the companies they steal from. As a payroll company, even your own corporate records, bank accounts and financial data are at risk of theft. According to some findings, cyber experts say that breaches often happen because of leaks within an organization itself, at times on purpose, but at other times when an employee inadvertently sends sensitive information to the wrong person. Breaches can also occur when data is not password-protected or networks aren’t firewalled properly.

Encryption, another important and legal requirement, forms one of the best practices in data security checks in most corporate houses. With changing workplace cultures, people bringing in their own devices, extensive usage of in-house and mobile apps and smartphone-for-work, proprietary data is increasingly shared between all kinds of devices and across unfiltered networks. The last thing organizations would want to deal with is the penalty that comes their way when clients sue them for a data breach.

By coding and decoding data, encryption offers a foolproof solution to prevent breach by third party intrusion. Most vendors provide this facility for payroll companies under no extra clause. Formulating an encryption protocol in your company’s security policy not only helps weed out hacking, but also helps fulfill compliance. For example, according to hrmsworld.com, the U.S. Health Insurance Portability and Accountability Act (HIPAA) demands native encryption on any device that holds relevant data. Examples like these are true for many MNCs.

User data has become even more sacrosanct with the arrival of the General Data Protection Regulation (GDPR) in Europe. Research firm Deloitte, in its 2018 report on Data and Privacy Protection in ASEAN, notes that the EU is ASEAN’s second-largest trading partner and the largest provider of Foreign Direct Investments. This means that many organizations within ASEAN would be required to be compliant with the GDPR.

ASEAN, according to Deloitte, has the highest internet and mobile penetration in the world - with 80 percent of its population using the Internet and 100 percent having access to mobile phones. This makes the region more prone to cyber theft and security infiltration. Due to the heavy financial and personal implications cyber thefts could impose, many countries in ASEAN have come up with similar versions of the GDPR.

Malaysia and Singapore comply with the Personal Data Protection Act (PDPA), Thailand uses The Notification of the Electronic Transaction Committee on Policies and Practices for the Protection of Personal Information of Government Agencies, Vietnam employs the Law on Cyber Information Security (Law No. 86/2015/QH13) and Indonesia relies on Ministry of Information and Communication Regulation No.20/2016.

Even with checks and policies in place, business leaders should feel it incumbent on them to monitor security systems, update software or invest in professional data security infrastructure. Payroll companies should take care to conduct timely checks into accounts, audit their finances and employ a team to take care of the entire payroll instead of having a single person operating several accounts.

Routine team training is also imperative to avoiding phishing pitfalls. At Propay Partners, we frequently educate the team on prevalent malware in the cyber space, common types of scams and hackers’ snags through refresher programmes and periodical confidentiality sign-ups. The team is also trained to respond and report fraud with immediate effect. IT reconfiguration is also taken up every few years to bolster our networks and erase e-banking activity.

Safeguarding finances and client data has become very important across top leadership among corporates in ASEAN. Protecting data ensures longevity of the business through accountability of clients’ assets and, in turn, one’s own.

© Copyright Propay Partners (538768-K). All rights reserved.   Digital Alchemy by XIMNET