The SSA/IRS Reporter, Spring 2018, contains an article written by APA on how creating a payroll risk management plan is a key cybersecurity measure for employers. To avoid phishing schemes seeking valuable employee data, payroll departments and their employers must have risk management plans with verification procedures in place.
The article, “Creating a payroll risk management plan is a key cybersecurity measure,” explains that a popular scam is to send an email to someone with payroll access that appears to come from a company executive, requesting a list of employees and the data from their Forms W-2, Wage and Tax Statement.
To avoid becoming a victim of a scam, the most important step in a risk management plan is an assessment of vulnerabilities. This includes assessing the consequences of not having a plan in place, or of the plan failing, and setting a regular schedule of review, because the scams evolve. Cybersecurity measures begin with training employees to exercise vigilance when handling data or using the internet. Requests for information must be properly vetted so the information remains protected. Finally, an employer’s risk management plan should include procedures on what to do both internally and externally if there is a payroll data breach. Employers want to respond as quickly as possible to fix any mistakes.