Cybersecurity and data protection may sound like jobs for an IT professional, but HR plays a key role in ensuring private information stays where it belongs. By staying aware of new threats and best practices, and communicating those effectively to employees, HR teams can significantly impact information security at their organizations.
SHRM IT Security Specialist Rob Chavez says, “HR is the conduit between the IT security department and staff — clarifying policy, providing resources, and working behind the scenes to recognize and anticipate the potential information security issues that arise in every company.” People are finding new ways of connecting with each other and accessing information using technology every day, and that means more and more opportunities for staff to be targets of malicious activity online.
Paylocity’s own Information Security team (InfoSec) is providing you with tips every month that you can implement today and share with your employees to help reduce your risk of cyberattacks.
1. Avoid phishing scams.
Phishing scams are designed to get you to click a link, open an attachment, or even send funds to a fraudulent source. Look for clues that might indicate a fake or malicious message, such as poor grammar, typos, urgent calls to action, or low-quality images. Verify any requests for W-2s or other tax documents by reaching out directly via phone, and pay extra attention to attachments you weren’t anticipating. If you receive a suspicious email claiming to be from Paylocity, contact your Paylocity Account Manager for assistance.
2. Travel securely.
Traveling with digital devices is often necessary to stay connected, but publicly posting details and photos of where and when you’ll be traveling could easily be used by criminals to target your home or business while you’re gone. Avoid using public computers and open networks for sensitive online transactions, and instead connect to your company’s virtual private network while on the go. Enable device tracking and encryption for extra security, use a password or screen lock to protect your devices, and back up your device in case it is lost or stolen.
3. Conduct regular user access reviews.
Personnel and role changes are a normal occurrence for every business — and it’s helpful to revisit, at least annually, your security roles within the Paylocity platform and groups to ensure they align with your business processes. Start by removing or reassigning any terminated employees from active groups, then check the members of each security group and review the roles assigned to each. Update the level of access as roles or responsibilities change.
4. Utilize available security features.
Enabling a few key security features can help you prevent and detect unauthorized access to your Paylocity platform. Reduce the likelihood of unauthorized access by enabling multi-factor authentication, and add a mobile number to make it harder for attackers to gain access to your sensitive information. Set IP restrictions for security groups, limit logins to authorized networks, and track login attempts due to invalid IP addresses.
5. Use extra caution during tax season.
Tax season is a prime time for online scams. Cybercriminals look to cash in on fraudulent tax filings and/or steal your identity by targeting your W-2 reports, last pay stub of the year, or other documents with this information. Protect yourself by confirming with supervisors if unusual requests for tax documents are received, and file your tax forms on secure sites only. Keep in mind the IRS will never contact you for immediate payment without having first mailed a bill.
Is there a security topic you’d like to see us cover in the future? Send your ideas to email@example.com.