CISO? Your Biggest Threat is Hiding in Your Finance Department
Over the past year, I heard global payroll managers tell me again and again that they have “no IT resources.” The more I looked into the payroll practices of companies, from small startups to Fortune 100 companies, the more I realized they were right.
The vast majority of companies, comprising 85% of the global workforce, still process payroll manually through their payroll providers. And it is leaving them vulnerable to cyber-criminals.
In so many cases, employees submit their data by email, including sensitive data such as social security numbers, bank details, copies of ID cards, and more.
How many HR departments check the security of the accounting firms they work with? As a CISO, would you ever allow such sensitive information to be sent by email?
The security breaches are mounting. As the Safe-T blog reported:
With the vast trove of personal financial data at their disposal, however, accounting firms have become a prime target for hackers everywhere. This was the case last year with a New Jersey-based firm that lost more than 12 GB of W-2 statements, tax returns, correspondence and more. Accounting firm Presnell Gage also dealt with a similar security breach, with hackers accessing tax returns and clients having fraudulent tax returns filed without their authorization.
During the recent run-up to Tax Day in America, hackers used fake accounts that looked like emails from top payroll companies and accounting firms, taking advantage of the flurry of emails sent back and forth between accountants and their clients during tax season. The attacks were so fierce that a leading US HR management company with many legacy clients was forced to issue a warning to its clients in March against fake emails that appeared to be coming from the company.
While CISO departments enforce the highest security levels on every piece of data in the organization, payroll data can still cause privacy breaches (by exposing employees’ personal and salary details), security breaches (by providing identities and bank accounts that can be hacked) and fraud (as described above).
I believe it’s time to set standards for the way payroll data is managed. That’s why we are developing Papaya Global — to create a more secure future for global payroll.
We are proud to lead with the highest security standard, both in data processing and automation and in security and privacy: compliance with GDPR, ISO27001, and SOC 1 & 2, full SSO support, and encrypted data.
With these measures, we make sure our clients are protected, even if they work with suppliers with weak data security.
Global payroll should be simple, smart and, most of all, secure.