February 24, 2010 | HRIS | Posted by Ascentis
Do You Know if Your Data is Really Secure?
by Mike Cross
There’s a crook out there thinking of ways to make a quick buck, and identity theft is at the top of his list. The Internet has revolutionized the way your employees access their own information. They can see their last paycheck, make a change to their benefits or submit an updated W-4 form for withholdings.
Those who conceived the Internet assumed a Utopian culture where free-flowing information would only be used for good. Yet the real world is far more perilous. Today’s world requires a high level of security, and Internet security is no exception.
How secure is your approach to data protection? You’ve probably overheard the IT people talking in the hallway using terms like “patching the minimal server configuration” and “intrusion prevention systems.” And what you’re really hearing is something like Charlie Brown’s teacher speaking. Do you feel your employees’ information is safe and secure?
When evaluating an on-demand solution, look for these important points:
- Employee data is encrypted when it travels over the Internet
- The vendor uses multiple levels of network security to isolate potential threats
- All servers run “hardened” (i.e. minimally installed) operating systems, and regular updates (patching) are performed
- A SAS70 Type II independent audit report is available and performed by a reputable firm at least once a year
- Security-threat monitoring systems are implemented and have 24-by-7 coverage
- Backups are created, and backups of those backups are also created
While considering a solution for protecting your data, keep in mind that security starts at the desktop. Anti-virus software has become a standard program installed on every corporate computer. This program compares incoming email messages to a list of known “signatures” and attempts to block any known threat it matches. But there’s something else you have to watch: “social engineering” threats. These threats often arrive in the form of an email that attempts to trick you into clicking a link or opening an attachment, which can then circumvent the best security measures.
Cisco Systems provides a good whitepaper about this topic. The best practice is to avoid opening any attachment or clicking any link without first knowing who it came from and that you were expecting to receive it.
Mike Cross is Director of IT and Operations at Ascentis. He has 15 years of experience with systems and security, and has also worked as a software engineer on the Ascentis Payroll product.