Steps to take to mitigate risk of payroll cyber attacks
With the recent cyber attack on Frontier Software, we are aware that there may be concerns over data security and protection in payroll software.
We at KeyPay understand that sensitive employee and payroll information must be protected, and we take measures to do so.
KeyPay is ISO/IEC 27001:2013 certified
What does this mean? ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.
We maintain certification through extensive audits of controls to ensure that information security risks that affect the confidentiality, integrity, and availability of company and customer information, are appropriately managed.
Here is a copy of our ISO 27001 certificate.
Disaster recovery processes
At KeyPay, we ensure we have processes and checks in place to safeguard us from attacks. However, no system is foolproof. As part of our ISO certification and obligations, KeyPay has disaster recovery procedures in place to respond quickly to potential attacks. We carry out regular drills to maintain these processes. Please be aware that these procedures are confidential to ensure success.
Our customers’ data is hosted on Amazon Web Services (AWS). All data is hosted in the AWS Asia Pacific (Sydney) region and is PCI compliant. You can find out more here.
Data is transferred using 256bit SSL encryption and all sensitive data is encrypted on disk.
Does KeyPay support HTTPS?
All data transferred via the payroll platform is done so via HTTPS. No data is transferred via HTTP.
How often is data backed up in KeyPay?
Full backups are carried out daily and transaction logs every 15 minutes.
Are backups recovered and verified and if so, how often?
Our backups are verified and tested on a weekly basis.
What personal information is stored and how is it used?
Human beings are still the weakest link in any organisation’s digital security system. People make mistakes, forget things, or fall for fraudulent practices. That’s where cybersecurity awareness comes in and is extremely important.
This involves the process of educating employees on the different cybersecurity risks and threats out there, as well as potential weak spots. Employees must learn the best practices and procedures for keeping networks and data secure and the consequences of not doing so. These consequences may include losing one’s job, criminal penalties, or even irreparable harm to the company.
By making employees aware of the scope of the threats and what’s at stake if security fails, cybersecurity specialists can shore up this potential vulnerability.
What other steps can you take to keep payroll secure?
- Use a password manager such as 1Password to keep passwords secure and protected.
- Do not share your password with anyone. Ensure you use different passwords for different applications - and make sure they are strong. Password managers can help to confirm this.
- Limit user access - KeyPay full access users can grant restricted access to other users in order to protect potentially sensitive data. Find out more here: AU | UK | NZ | SG | MY
- Enable Two-factor authentication on your payroll account, to provide an additional layer of security and make it harder for attackers to gain access. Find out more about how to manage this in KeyPay: AU | UK | NZ | SG | MY
- Enable Two-factor authentication on your email account. Email is a very common attack vector. The more channels you strengthen security on, the less risk of being vulnerable to a cyber attack.
If you have any questions or concerns, don’t hesitate to reach out to email@example.com.
Disclaimer: The information in this article is current as at 1 June 2022, and has been prepared by Webscale Pty Ltd (ABN 70-154-693-955) in Australia / KEYPAY LTD (company number 11417566) in the United Kingdom / KEYPAY LIMITED PARTNERSHIP (NZBN 9429048779524) in New Zealand and its related bodies corporate (KeyPay). The views expressed in this article are general information only, are provided in good faith to assist employers and their employees, and should not be relied on as professional advice. The Information is based on data supplied by third parties. While such data is believed to be accurate, it has not been independently verified and no warranties are given that it is complete, accurate, up to date or fit for the purpose for which it is required. KeyPay does not accept responsibility for any inaccuracy in such data and is not liable for any loss or damages arising either directly or indirectly as a result of reliance on, use of or inability to use any information provided in this article. You should undertake your own research and to seek professional advice before making any decisions or relying on the information in this article.