Introduction
You might be aware of cyber crimes and how different types of malicious software can put some or all of your company’s precious information at risk. A dramatic increase in cyberattacks targeting the payroll departments and payroll services of companies has been witnessed since 2017. A warning from the FBI’s Internet Crime Complaint Centre (IC3) was also issued in September 2018, signalling a threat to various industries, including the education, healthcare and commercial airway transportation sectors, regarding their online payroll accounts. The IC3 cautioned against the use of phishing emails by hackers to steal employees’ login credentials and siphon money off their depository accounts.
For a long time now, news stories featuring cyber-attacks on enterprises have been doing the rounds. Reports show that 82% of Indian companies have experienced ransomware attacks in the last 12 months and claimed to have paid a fortune of more than 8 crores on average to fix the issues.
How do you shield your payroll against such attacks?
Ransomware is a type of malware that encrypts the victim’s files and then holds them hostage until the attackers’ ransom demands are met. Luckily, every Indian company that paid the ransom recovered its data, though this might not always be the case.
Therefore, the key is not quick fixes but adopting proper safety measures to fight such payroll-related cyber attacks. Some preventive measures are listed below:
Click wisely: Ransomware is most commonly delivered in the form of phishing spam. These are attachments that come with emails and masquerade as files from a trusted source. Once you open or download them, cybercriminals can trick you into allowing them administrative access, and in some other cases they might aggressively take control of your computer and encrypt your valuable files.
Keep your IT systems and software up-to-date: Expired security software leaves you vulnerable to such malware attacks. Therefore, it is advisable to install security updates as soon as they are made available to you. Applying software patches for security holes and staying upgraded to the latest software packages is a must.
Conducting awareness programs: Employees need to be well-educated regarding the possible threats of cybercrime and the innovative ways fraudsters use to trap their targets. They need to be trained on how they can act as monitors and flag suspicious behaviour to the management at the earliest.
Use tough passwords: People often tend to use easy passwords for their own convenience, but they overlook the downside of doing so. By using easily crackable passwords, you increase your chances of being attacked manifold. Use uncommon passwords and don’t forget to keep changing them at short intervals.
Keep a backup strategy handy: If you keep your payroll information safely stored on a separate drive, rather than on the system where you process your payroll, you can be free from the fear of losing your crucial data. Why? Because once a hacker knows the IP address from which you are processing your payroll, it gets easier for the person to hack your system and steal your confidential data. This is where your backup data comes into play.
Strong security controls should be installed: It is imperative for you to have robust anti-malware and full system scan software installed. This will help detect possible threats beforehand and destroy them at the outset, leaving no room for intruders to invade.
Choose a reliable third-party vendor: Before opting for any vendor, it is very important for you to do a comprehensive study of the one you have shortlisted. Check their track record of service to customers and their terms and conditions, and once you are sure of their trustworthiness, agreements regarding security concerns can be made between both of you. Also, regular audits must be carried out at your end to ensure authority is not misused.
Avoid an overdose of authority: When working in a particular department, let’s say the payroll disbursement section, a person who is responsible for doing the transaction must seek approval from an authorised person at a higher level of the hierarchy. A single person must not be entrusted with both responsibilities. This will ensure that no anomalies go unnoticed.
Framing proper policies: Policies relating to the handling of critical business data and payroll must be framed with the utmost care. Any violations must be immediately escalated and strict action must be taken.