APA members participating in the IRS’s Security Summit are helping to identify potential threats from cybercriminals. Cybercriminals often steal data by changing direct deposit details or other means of identity theft. They generally steal data through five categories:
- Personally identifiable information (PII). PII is a combination of information about people that helps to identify them, such as an address and social security number.
- Authentication. During login (authentication), many systems require a username and password to access sensitive content. Hackers can steal or guess a password to access restricted systems.
- Social engineering. Social engineering, or phishing, attempts to target sensitive information by sending emails supposedly from a trustworthy source (e.g., an executive within the company asking for sensitive customer information). Successful phishing can give hackers unauthorized access to a user’s personal information and to a vast organization-wide network.
- Insider threats. Insider threats occur when individuals within an organization misuse their access for malicious or inappropriate purposes. The vulnerability is not always intentional. An employee may accidentally leak data or expose the system. Insider threats can be difficult to detect because the attack typically involves a legitimate user.
- Third-party services and vendor management. As part of outsourcing services, vendors may have access to employer data or computer systems. If the third party experiences a breach of information or service availability, it may directly impact the security of payroll operations.
Learn how payroll professionals can protect against these categories of identity theft in the May 2020 Inside Washington.
Not a member of APA? Check out the many benefits you get when you join!
Alice P. Jacobsohn, Esq., is Senior Manager of Government Relations for the APA.
