Pokémon Gone! – Hackers highlight risk for business

18th July 2016

The simplest of errors has left Pokémon Go fans locked out of the latest version of this game. Whilst this may see hordes of angry fans without their Pokémon fix, and raise the odd chuckle here and there, it does highlight the serious need for any business to stay on top of data protection and hacking. Not so much Pokémon Go as Pokémon Gone!

What’s this got to do with payroll, I hear you ask?

The rise of external hacking attacks continues to be a headline grabber for business, with high-profile payroll theft stories such as at Morrisons, Snapchat and National Childbirth Trust (NCT) damaging reputations and putting payroll increasingly under the spotlight.

The transmission and protection of any sensitive data, but especially data belonging to individual employees, needs the highest protection. SMEs are particularly at risk, especially where they use email to send sensitive data to their local accountant or payroll house for processing.

Strong security controls enable organisations to ensure the protection of sensitive information and intellectual property.

Email is not secure. So, what’s the answer?

Encryption

All your payroll files should be protected by a system that allows data at rest and in motion to be protected with the highest levels of encryption. Whether a business processes payroll in-house or externally, there needs to be a system that has governance, data security and compliance. If you’re outsourcing your payroll, you should ensure that your provider also has ISO 27001 accreditation.

The ISO 27001 standard accredits organisations by laying out how they manage the security of assets such as financial information, intellectual property, employee details or information entrusted by you.

It provides requirements for an information security management system (ISMS), the systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

It can help small, medium and large businesses in any sector keep information assets secure.

ISO 27001 accreditation is possible but not obligatory. Some organisations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.

So ensure you don’t hit the headlines with a Pokémon Gone! episode by making a review of your payroll data security your number one priority.