In 2016, the IRS announced that a flaw in its 'Get a Transcript' tool was vulnerable to hackers during 2014 and 2015. They stated that access to more than 700,000 taxpayer accounts was compromised during the two-year span. If the IRS is that vulnerable to hacking, so is every U.S. employer. That begs the question: how secure is the data in your client’s payroll platform?
Moving Payroll to the Cloud
Data security begins with how and where data is stored. Prior to the advent of cloud computing, companies stored their payroll data on local computers that may or may not have been connected through a local network. While that is still possible today, local networks are easily infiltrated unless a company puts tremendous resources into securing its network and maintaining security.
Today's cloud is a much more secure environment. Cloud servers are protected against breaches through a combination of hardware and software measures that are continually updated to expose potential vulnerabilities. The facilities themselves are secured via control access and a variety of additional measures.
Furthermore, because cloud-based payroll relies on software-as-a-service (SaaS) rather than locally hosted software, it is kept up-to-date by the provider. That makes for fewer concerns about outdated software being vulnerable to security breaches.
Limiting Access to Data
Proper data security relies as much on controlling access as it does choosing the right place to store data. Access should only be given to those who have a specific reason to need it, including accountants and payroll professionals. Even at that, access should be diligently controlled through strict use of usernames and passwords.
Under no circumstances should payroll information remain displayed on a computer screen left unattended. When payroll workers need to leave their desks, screens need to go dark. Printing screens and back up again should require the same username and password.
Keeping Software Up-To-Date
Software developers are constantly updating their products to maintain the highest levels of security. But for those updates to be effective, these have to be deployed.
Does your client’s IT department routinely update applications as soon as updates become available? If not, they are risking a security breach. Software updates should be a top priority for every IT department.
Keeping Separate Data Backups
While most of what we talk about in terms of data security relates to preventing unauthorized access, there is another component here: protecting data against loss. Computers are machines that can and do fail. As such, backups of all payroll data should be made on a regular schedule. Those backups should be kept in a secure and separate location.
Companies that have already moved their payroll to the cloud must insist that cloud providers make daily backups and store them in separate locations. In the absence of backup data, it only takes one failure to wipe everything out, creating a nightmare that could take months to recover from.
Data security is no longer an option in a world that relies on computers as much as we do. This includes payroll data. So, how secure is the data in your client’s payroll platform? If there is even the slightest chance that there could be security issues or potential data loss, now is the time to address it. Do not wait until disaster strikes before they start looking for a solution.
IRS – https://www.irs.gov/newsroom/irs-statement-on-get-transcript