Keeping your data safe from cyber attacks: Protect confidential client information in the cloud
In recent weeks, we’ve heard of a dramatic increase in cyber attacks and data breaches across the world, from telecommunications to technology and marketing automation organisations.
What exactly is a cyber attack? How can you protect your personal information from being breached and misused, as well as your clients’ and their employees’ data? How do cloud payroll software, such as KeyPay, mitigate the risk of attacks and implement robust security protocols?
What happens during cyber attacks?
Cyber attacks and data breaches occur when personal information is accessed, disclosed or misplaced without authorisation.
Often targeting multiple computers and networks, cybercriminals can remotely take control of systems in order to gain access to confidential information.
Once unauthorised access to information is gained, the effects can be catastrophic. This information can then be used for identity theft, accessing financial information, committing other crimes and so much more.
An alarming global study found that 82% of CIOs (Chief Information Officers) believe that their organisations are vulnerable to cyberattacks.
Whilst this can be a scary prospect at both an individual and company level, it’s important to remain calm and in control.
There are many precautions that can be taken to minimise the risk of unauthorised access to sensitive information, which include additional security measures on your personal and business accounts.
How can I protect myself against cyber attacks?
On World Data Privacy Day (which is held annually on 28th January), we provided some key tips on how individuals can protect their data online.
Here are some further tips on safeguarding your personal information from potential data breaches:
Don’t give out personal information unless you can verify the source’s legitimacy
In the latest string of phone, text message and email scams, there’s been an increase in hackers posing as family members or friends in need of help. There’s even been scams that are posing as legitimate organisations using sophisticated domain spoofing. Always verify the source of any communication by navigating to an organisation’s official website or channels - and never engage, unless you are certain that the communication is legitimate.
Use complex passwords on both your computer and mobile devices
With the help of a password manager to generate complex passwords, you can minimise the risk of being hacked. Make sure to combine numbers, special characters and punctuation - and never use your name or any information that may be easy to guess, such as your date of birth.
Download good security software
Install reputable anti-spyware, anti-virus and firewall software on your devices, and always ensure that you frequently update your browsers, apps and software devices to limit potential hacker access.
Destroy personal information properly
Be cautious when throwing away expired bank cards, confidential documents and even your mail - make sure you shred and physically destroy personal information to minimise the risk of it falling into the wrong hands.
Frequently review bank statements, emails, software and apps
Make sure to pick up any unauthorised activity before it becomes an issue. If you see a suspicious transaction on your bank statement, contact your bank immediately. If an email in your inbox looks dodgy, don’t open it and ensure that you immediately report it as spam.
Whilst protecting your personal information against unauthorised use is essential, there’s also a need to protect your clients’ information - especially when it comes to payroll and this type of confidential data.
By partnering with software solutions that provide an added layer of security in comparison to desktop-based servers, you’ll be giving your business and clients the best possible chance of protection.
How can I protect my clients’ confidential payroll data?
Accountants, bookkeepers and outsourced payroll providers are entrusted with the most confidential and private data. The cost of this information falling into the wrong hands affects not only your business and your credibility, but the livelihoods of your clients and their employees.
With the stakes this high, it’s important to take as many steps as possible to safeguard your clients’ information.
Here are 4 ways that you can protect your clients’ confidential payroll data:
- Back up data securely to the cloud and eliminate the time-consuming and risky process of manually backing up payroll data - or worse, using paper-based storage methods. Ensure that payroll data isn’t solely stored on your computer, and consider software that automates backups to help streamline and protect this data.
- Enable two-factor authentication on all client accounts to mitigate the risk of compromised passwords through hacking or phishing attempts. An extra but necessary step is to make this mandatory for all client employees as well, to protect information from all angles.
- Limit user access to retain tight control through effective payroll software. A sign of strong payroll software is one that allows you to both delegate and limit user access, so that you know exactly who is accessing client information and to reduce the risk of data leaks.
- Confirm your software meets minimum (and additional) security standards, such as ISO/IEC 27001 compliance. This is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.
KeyPay will always protect confidential client information
At KeyPay, the security of our platform, our clients’ data, and our clients’ employees’ data is always front of mind.
We understand that the recent cyber attacks may cause concerns over security, which is why we’re re-emphasising our commitment to protecting our clients and their employees.
Here are some of the ways that KeyPay protects confidential client information:
ISO/IEC 27001:2013 certified
We maintain certification through extensive audits of controls to ensure that information security risks that affect the confidentiality, integrity, and availability of company and customer information, are appropriately managed. Here is a copy of our ISO 27001 certificate.
Disaster recovery processes
As part of our ISO certification and obligations, KeyPay has disaster recovery procedures in place to respond quickly to potential attacks. We carry out regular drills to maintain these processes. These procedures are confidential to ensure success.
KeyPay’s client data is hosted on Amazon Web Services (AWS). All data is hosted in the AWS Asia Pacific (Sydney) region and is PCI compliant. Data is transferred using 256-bit SSL encryption, and all sensitive data is encrypted on disk.
HTTPS data transference
All data transferred via KeyPay’s payroll platform is done so via HTTPS, with no data being transferred via HTTP. This is to protect information from being intercepted by third parties, and ensures that information is encrypted for extra security.
Data backups and verification
In KeyPay, full backups are carried out daily and transaction logs are carried out every 15 minutes. Our backups are also verified and tested on a weekly basis, for added peace of mind.
Limited user access
KeyPay full access users can grant restricted access to other users in order to protect potentially sensitive data, and prevent information from falling into the wrong hands within your business.
Mandatory two-factor authentication
In March 2022, KeyPay made 2-factor authentication mandatory for both new and existing users in order to encourage additional security measures on client data.