Security Awareness & Best Practices: Best Practices for Maintaining Data Security in Your Business Environment
Ray Colado, Information Security Analyst. Raise awareness around information security to help you protect valuable personal and company information.
Information Security: Trends in Cyber Crimes; Cyber Crime Statistics; The Perfect Storm; Social Engineering; Passwords, and more! Web Pay Security Features & Best Practices.
Trends in Cyber Crime
Cyber Crime Statistics: 89% of all attacks involve financial or espionage motivations. 63% of confirmed data breaches involve using weak, default or stolen passwords. 95% of breaches and 86% of security incidents fall into nine patterns. Ransomware attacks increased by 16% over 2015 findings. Source: Verizon 2016 Data Breach Investigations Report.
Did you know? Among small to mid-sized businesses infected by ransomware Ransomware doesn't kill small businesses. Downtime does!
The Perfect Storm. Top 3: Social Engineering, Malware, Hacking. Recipe for Disaster: Social Engineering + Malware + Hacking.
Social Engineering. What is it? Popular methods include phishing, smishing, vishing and scareware.
Phishing. What is it? Common characteristics include: generic greetings; spelling and grammar errors; "too good to be true" offers; creating a sense of urgency.
Phishing. Think before you click! Things to look for: sender; subject; relevancy; spelling and grammar; links; attachments.
Smishing. What is it? Tips: If the sender is not in your contact list and/or the text doesn't make sense, or the text is "too good to be true", do not click on the link! DELETE IT!
Vishing. What is it? Tips: Do not divulge any personal information like banking or credit card information. Do not give in to their high-pressure tactics or intimidation. Hang up!
Scareware. What is it? Tips: Do not call them. Close the browser window.
Passwords. 35% of Users Have Weak Passwords; the Other 65% Can Be Cracked! Use passphrases with at least 8 alphanumeric and special characters. Unique account, unique password. Separate work from personal. Write it down, to keep it safe. Change it often (do not reuse). Opt in to better security (MFA).
Automatic Updates. Enable auto-updates for: operating system patches; anti-virus signatures; application updates.
Social Media. Tips: Use a strong password. Mark your page as Private. Only accept friend requests from people you know. Limit the information in your profile. Do not post your vacation photos. Be mindful of your posts.
Additional Security Best Practices
1. Use a virtual private network (VPN) to connect to your company's network over a public Wi-Fi connection.
2. Lock your computer screen while you are away from your desk.
3. Lock your smartphone by using a PIN, password or pattern.
4. Keep your work area free of any sensitive documents. Lock them up.
5. Use your anti-virus software to scan USB and other external storage devices as they can be infected by malware.
6. Avoid copying sensitive personal data such as your Social Security, credit card or bank account number to a USB flash drive or storing it on a shared device.
Web Pay Security: Security features we provide to help you secure your data.
Web Pay Security. Client Configurable Security Features and Built-in Security Features: IP Restrictions; Notifications; Password Expiration; Single Sign-on (SSO); Multi-Factor Authentication (MFA); Step-Up Authentication; Role-based Access Control; Challenge Questions.
IP Restrictions. Benefits: Allows Company Administrators to restrict access to Web Pay only from allowed IP addresses per security group. Prevents unauthorized access from outside your company network. Tips: Be sure to define access for users explicitly or use the ALL security group to avoid lockouts. Incorrect configuration can lock out users. Report: Blocked Login IP Address Audit report.
Notifications. Benefits: Notifications are sent based on a trigger date or event. Allows users and to be proactive in detecting malicious activity. Know what is going on inside of your application. Tips: Set up notifications for key updates that could detect malicious activity. Run reports regularly: Notification by User report; Notifications Setup report.
Notifications. Key Notifications to Set Up: Notification 021 - Payroll Update Occurred; Notification 028 - Challenge Question Updated; Notification 029 - Employee Direct Deposit Account Updated; Notification 031 - Pending Changes Awaiting Approval; Notification 061 - User Account is Locked Out; Notification 062 - User Reset Password; Notification 063 - User Logged In From New Network.
Single Sign-on (SSO). Some Key Benefits: Saves time and effort. Fewer passwords to remember. Reduces the risk of user account lockout. * Not recommended for use by Company Administrators.
Multi-Factor Authentication (MFA)
Step-Up Authentication (SUA). Some Key Points: Only Company Administrators will use SUA. You can still access the full file of W-2s from the year-end dashboard. At the first access of a W-2, and again after 2 hours of work time, you will be prompted to SUA again. MFA and SUA are two types of security and are not dependent on each other. You will have to do SUA even if you just did MFA.
Role-based Access Control. Security Roles: 8 standard security roles. Roles are based on least privileged access. Ability to create unlimited Custom Roles. Maintain least privileged access. Custom roles must be set up by Paylocity. Tips: Review your employees' security roles at least once a year. Review custom roles to ensure access aligns with job responsibilities.
Web Pay Best Practices: Steps you can take to detect suspicious activity.
Web Pay Best Practices: Payroll Audits; Employee Templates & Checklists for Terminations; Go Paperless.
Payroll Audits. Before submitting payroll: Review the Pre-process Register. Review batch totals. Make sure agency checks and deductions match. Verify checks and direct deposits are correct. Verify your own check. Verify executive checks. Verify checks with unique setups. Review the payroll audit configuration to make sure none of the settings have been changed without your knowledge.
Employee Templates & Checklists: Terminations. Create a template. Create a checklist. Benefits: Template contains all of the information required to terminate an employee, all on one screen. Checklist tracks the operational tasks required to terminate an employee. Company Administrators are notified when all tasks are complete.
Go Paperless! Tip: Enable paperless W-2s. Benefits: Reduces printing costs. Get your W-2 sooner. Reduce likelihood of tax fraud. Make it harder for the bad guys!
How can you help others? Be a Security Champion. Talk to your coworkers, friends and family about what you've learned. Practice what you preach. Review your Web Pay setup. Use the security features provided. Talk to your IT department. Ask questions about security. Do everything you can to protect your information. You won't regret it.
Additional Information: The Department of Homeland Security; StaySafeOnline.org