Candy from the baby? – NCT theft highlights data security

8th April 2016

Data theft at NCTNational Childbirth Trust (NCT) data was hacked this week, highlighting yet again the need to protect data within the not for profit and indeed any business sector. This blog gives out thoughts on the subject together with links to hints and tips that could prove invaluable to your organisation

IRIS FMP Payroll Services are well aware of the need for secure data in the charity sector, and earlier this year posted top tips onto the NCVO Know How Non Profit website.

The NCT breach occurred and was discovered on Wednesday 06/04/16, upon which they contacted everyone affected telling them about the breach and advising that they change their username and passwords. We have also reported the matter to the police and Information Commissioner. On this occasion 15000 names and passwords were affected.

In March 2016 we reported on the Snapchat phishing attack when an unsuspecting payroll department employee was duped into providing all of their sensitive employee data to a hacker.

These types of attack highlight the need for systems and procedures to be in place to protect sensitive employee data, and for staff to be fully trained and aware of the implications of poor data protection.

Reputable payroll outsourcing companies should have data protection covered under ISO 27001 accreditation, which lays out how they protect valuable company payroll data.

However, with more security breaches in house it’s important for organisations to train and coach internal staff on understanding and dealing with data theft and phishing requests such as these. IRIS FMP Payroll Services also produced a handy blog guide ‘5 Payroll Fraud Red Flags’, and the ebook for download ‘How secure is your payroll data’ available below

Of course prevention is always better than cure and we firmly believe that a regular payroll audit can help identify potential areas of weakness.