Some common misconceptions:
1. Our payroll server is locked up in our payroll admins office, so it is safe.
2. It is not likely to be hacked as it is not connected to the Internet.
3. It is an internal application, so it must be safe.
4. It is cloud-based, so it is secure.
Think again. It will be impossible to run your payroll if you are not able to upload files and make payments to SARS, and, more importantly, to pay your staff electronically. So actually, it is fully connected to the Internet.
Your payroll administrator has e-mail as well, and, of course, can browse the Internet, so without a doubt it is connected to the Internet. In fact, it is not possible to run a business these days without connectivity to the Internet. Everyone and everything connected to the Internet is vulnerable.
Essentially, this means your payroll administrator and payroll server is just as vulnerable to cyber crime as everyone else is. Organised attacks such as phishing, malware, ransomware and social engineering puts all your sensitive payroll data at risk.
Phishing and malware attacks often involve tricking a victim into opening an attachment with a malicious payload. Very often, these attachments masquerade as an EFT payment or deposit notification. This is essentially what payroll administrators deal with every day, so a cleverly disguised attack could easily deceive the payroll administrators into making that one click.
There are so many clever hoaxes and tricks out there that are so incredibly authentic looking that we now have professionals and organisations alike dedicating themselves solely to debunking hoaxes and exposing phishing and other scams. Such is the sophistication level these cyber criminals are operating at, that the average layperson cannot distinguish between an attack and a legitimate communication. We are all fallible and make simple mistakes.
But, if you think cloud-based solutions are safer, then think again, all cloud-based services sit openly on the Internet, face-to-face with every cyber criminal and malicious piece of software in the entire world. Scary!
And finally, the last piece of information you should be aware of, and possibly the most important piece of information, is that your payroll data containing all your employees' sensitive information is stored in the database as plain text and can easily be read by anyone, without even opening the database! This makes it possible for an insider, such as an administrator, or malware, to be able to steal your entire payroll system without detection.
The only effective method of securing your payroll information is to encrypt it. Encryption is the only solution for protecting sensitive data from cyber crime.
Encryption denies all unauthorised attempts to access your sensitive data. Encryption means your payroll data cannot be stolen or copied and is protected from insider threat as well as both malware and ransomware (on Windows systems).
For more information on our encryption services, please contact us on:
info@encryptech.co.za
+27 11 593 2394
www.encryptech.co.za
Share