There is a growing threat to companies that use online services to administer their employee benefits and payroll as cyber criminals increasingly exploit these cloud service platforms.
The results of a hacker gaining access to the company’s payroll systems, sloshing with cash, as well as employees’ personally identifiable information can be devastating both to the employer as well as its workers, according to a blog by the law firm McLane Middleton.
Do not assume that the payroll and benefit system you are using has safeguards in place to prevent these types of attacks. Sometimes you may need to activate them on your account or configure your account a certain way.
Cyber criminals that hack these platforms can tap into a gold mine of sensitive information about employees and their dependents, including:
Social Security numbers
Government identifications and numbers
Bank account information for employees and dependents, and
Health information.
The other vulnerability is the funds that go through these accounts. Large sums of money flow through a number of transactions for:
Payroll
401(k) and other retirement accounts
Health insurance, and
Other benefits.
As you can see, these online payroll services have a rich smorgasbord of data and they facilitate numerous large financial transactions. For criminals, that’s a treasure trove.
Successful attacks on online benefits and payroll services can result in huge losses as well as liabilities for an employer. And worse yet, the damage is manyfold:
The criminals can divert large financial transactions like payments to retirement funds and smaller ones like payroll payments, to a fraudulent account, which they promptly drain.
The criminals steal personal information of employees. They can then demand the employer pay a ransom in exchange for not selling the information on the dark web. If the employer refuses to pay, they can demand individual employees pay a ransom.
What you can do
Often hackers will gain entry to a benefits and payroll website not through any fault of your own. So, it’s important that you choose a system wisely.
McLane Middleton recommends that you should look for online benefits and payroll platforms that value security and protect their clients’ accounts with the following:
Multi-factor authentication — Besides a password, a platform worth its salt will include multi-factor authentication. Typically, that entails sending an authentication message to a pre-specified e-mail or mobile phone number that can accept text messages every time there is a log-in attempt.
Other systems may use certificates that the employer installs only on computers used by employees who are authorized to access the platforms.
Multi-user notification and authorization — This entails notifying key personnel if an employee’s profile information (such as physical address, phone number or bank account number) is changed inside the payroll or benefit system. The website would then send an e-mail to a secondary person in the organization to approve the change by logging into the system.
Different levels of access privileges — One common approach is for hackers to target employees in your organization with administrator access to your benefits and payroll system. All of the employees that use the system often do not need access to all of it.
You can limit access of your human resources staff to only those functions necessary for them to do their jobs. This prevents them from accessing files and information they have no business seeing.
Logs of access and activity — If possible, try to find a vendor that has log files that can record dates and times of a breach, what the cyber criminals were doing in the system and what data they accessed and downloaded.
The takeaway
If you are using an online platform to administer your benefits and payroll, you should ensure that the vendor is taking the appropriate steps to protect itself, and you, from cyber attacks.
You may want to discuss with your vendor what kind of security they have in place and any extra steps you can take as an organization to reduce the chances that information and funds in your accounts are safe from abuse.
If you would like to speak with us call Gary Wallach at 914-806-5853 or click here to email or click here to visit our website.
BGES Group’soffice, located in Larchmont, NY is a full service insurance agency offering, Property, Liability, Umbrella Liability, Business Auto, Bid & Performance Bonds, Inland Marine, Worker’s Compensation, Workers Compensation Premium Recovery, New York State Disability, Group Health, Life insurance, Personal lines and Identity Theft.
Special Contractor Insurance Programs (NY, NJ, CT)– We we have 50+ insurance companies to market your general liability, umbrella liability, business auto, workers compensation, bid & performance bonds and group health coverages. We help contractors set up proper risk transfer. If you’re a contractor we offer extensive information about insurance markets, coverages, risk transfer, subcontractor screening, ways to lower your insurance costs.
BGES Group are Worker’s Compensation Specialists for the States of New York, New Jersey and Connecticut– Issues we address: 1) Lowering pricing – we have specialty programs that can save you up to 40%; 2) Finding a new company; 3) Replacing policies that are being cancelled or non renewed; 4) Audit disputes; 5) Company creating fictitious payroll at audit time; 6) Lowering high experience modifications factors; 7) Misclassification of payrolls; 8) Lowering or eliminating renewal deposits; 9) Getting coverage when you’ve been without for a few months; 10) Covering multiple states under one policy; 11) Eliminating 10% service or policy fees; 12) Timely issuance of certificates; 13) Always being able to get someone on the phone or by email when you need to.
If you would like to speak with us call Gary Wallach at 914-806-5853 or click here to email or click here to visit our website.
Company: BGES Group, 216A Larchmont Acres West, Larchmont, NY 10538
