At least a dozen client companies of payroll giant ADP recently fell victim to an identity scam where criminals acquired thousands of employee names and personal data which were then used to set up fraudulent ADP employee accounts, steal employee W-2s, and file false tax returns. This has made small business owners nationwide feel uneasy, wondering how this could have been avoided.
Here are steps every employer should take to prevent a similar cyber security hack.
First of all, it’s important to note that the crooks acquired employee personal data (names, Social Security numbers, addresses, etc.) outside of ADP’s secure systems. From there, hackers used the cookie-cutter system of setting up employee usernames and passwords to create a new ADP employee profile, which leads to our first two steps for avoiding a similar ADP hack:
- Create a unique code for each new employee to set up an online profile.
- Provide new employees with “how-to” instructions privately rather than posting them online.
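The first step above, sketched as an added example (not code from ADP or Stratus.hr): each new employee gets a random, single-use, expiring registration code bound to their employee ID, so stolen personal data alone is not enough to create the profile. The class name, the one-week validity window and the five-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 7 * 24 * 3600   # assumed validity window: one week
MAX_FAILED_ATTEMPTS = 5            # assumed limit before the code is revoked


class EnrollmentCodes:
    """Hypothetical helper: one random, single-use code per new employee."""

    def __init__(self):
        # employee_id -> [digest of code, expiry time, failed attempts]
        self._pending = {}

    @staticmethod
    def _digest(employee_id, code):
        # Bind the code to one employee; only the digest is stored.
        return hashlib.sha256(f"{employee_id}:{code}".encode()).digest()

    def issue(self, employee_id, now=None):
        """Return a fresh code to hand to the employee privately."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(12)  # 96 bits from the OS CSPRNG
        self._pending[employee_id] = [
            self._digest(employee_id, code), now + CODE_TTL_SECONDS, 0]
        return code

    def redeem(self, employee_id, code, now=None):
        """True only for the right employee, right code, in time, once."""
        now = time.time() if now is None else now
        entry = self._pending.get(employee_id)
        if entry is None:
            return False
        digest, expiry, _ = entry
        if now > expiry:
            del self._pending[employee_id]
            return False
        if not hmac.compare_digest(digest, self._digest(employee_id, code)):
            entry[2] += 1
            if entry[2] >= MAX_FAILED_ATTEMPTS:
                del self._pending[employee_id]  # revoke after repeated guesses
            return False
        del self._pending[employee_id]  # single use: a replay fails
        return True
```

A production system would keep the pending table in durable storage and log failed redemptions so repeated guessing is visible to whoever reviews anomalies.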
To safeguard against a cyber security hack, your PEO also should:
- Enforce strong password policies where employees create their own passwords of eight or more characters, using a combination of letters, numbers and symbols.
- Encrypt confidential information.
- Use a reliable security solution to scan for anomalies.
- Conduct regular security audits, preferably from an outside vendor.
- Tighten up access to sensitive information, both internally and at the client level.
If you’re a growing company and think you’re not a target for identity theft, think again. According to the National Cyber Security Alliance, 20% of American small businesses are attacked by cyber criminals. And according to Symantec, one in three cyber attacks is aimed at small businesses with fewer than 250 employees, where 2 of those 3 small companies will likely go out of business within months of an attack.
Stratus.hr takes security seriously for its clients. Among other controls listed above, Stratus.hr is currently undergoing a SOC I audit that, once completed, will include a risk assessment to hone our security practices and help us reduce our overall vulnerabilities and threats. Performing this annual audit helps us proactively ensure that our internal controls are suitably designed to meet our objectives.
If you have any questions about our Stratus.hr security measures and/or would like information about personal security products for employees such as LifeLock, please contact us.
You want to have confidence in your payroll provider, but you need to ensure they take cyber security seriously.