
Don’t Let Passwords Jeopardize Your Operations Security

Author: Jerika Holton | Feb 7, 2023

It is no secret that remote work has increased rapidly since the Covid-19 pandemic. The United States Census Bureau reports that remote work tripled from 5.7% to 17.9% between 2019 and 2021. According to LinkedIn, remote work was at 25% by the end of 2022 and is projected to increase going into 2023.

With the introduction of new technology or an increase in technology usage, hackers manage to find ways to capitalize on the latest trend. The increase in remote and hybrid working is no exception. According to GlobalNewswire, remote working resulted in a 238% rise in cyberattacks. The HR and payroll departments hold personal information such as SSNs, banking information, and addresses. Employees now access company and HR information through their home networks and devices, so they must be equipped with the tools to combat cyber-attacks.

Cyber-attacks not only have a significant impact on your employees; they can also threaten your organization's reputation. Your login is the main barrier between hackers and your sensitive information. When evaluating security measures you can take to protect your organization, consider how your employees access company information.

Traditional Passwords

When thinking of passwords, your first pet, your mother’s maiden name, or even the first street you grew up on may come to mind. In reality, passwords have been around for centuries. Before technology, word of mouth was used to communicate a keyword or phrase that would grant someone access. In the 1960s, digital passwords were developed, along with the first incident of a stolen password.  

Fast forward to 2023, and passwords are still susceptible to cyber criminals. WebsiteBuilder.org reports that globally every 39 seconds, hackers are using scripts to guess password information. Traditional passwords are no longer the most secure protection method for highly confidential company and employee information inside the HR department.

Not only are passwords highly susceptible to hackers, but traditional passwords can also be more legwork for your employee. If they forget their password, they may be forced to reach out to the HR department for help gaining access to their account.  

Some password options allow you to log in once and choose the option to “remember you,” so that when the employee returns, they do not have to enter their password again. Utilizing a “password manager” allows you to store the password on the device. This way, you can save complex passwords that may be hard to remember but provide a higher level of security. When the employee returns, they only enter the email and in most cases the password to their device. The password will autofill for them.

If you choose a provider who uses the traditional login method, here are steps your organization can take for password security.

  • Put password complexity rules in place to make it more difficult for hackers to gain access. For example, Scientific American reports that a 12-character password is 62 trillion times more difficult to crack than a 6-character password.
  • Require employees to update their passwords frequently to help deter hackers.
  • Make payroll a security focus. Conduct background checks for new hires, utilize ACH to verify banking information and encourage employees to use direct deposit.
  • Be selective on who has access to the payroll and HR operations. The fewer “cooks in the kitchen,” the better.
  • Be sure to terminate any access to existing systems before employee termination.
  • Utilize a payroll provider with robust security measures to protect your secure information and conduct regular payroll audits.

Two-Factor Authentication

Many companies have moved to two-factor authentication (2FA) instead of traditional passwords. Microsoft reported that two-factor authentication blocks 99.9% of all attacks. Since the payroll and HR departments hold sensitive employee information, 2FA can be a more secure login method.  

A secure one-time password is sent to your mobile device or an authentication app, like Microsoft Authenticator, to gain access to your account. The steps are easy to follow.

  1. Log into your account.
  2. Enter your regular username and password.
  3. A passcode is sent to your mobile device.
  4. Enter the code, and you are done!

Employees will still use a traditional password, but the 2FA code will add an extra layer of security to ensure the verified user is accessing the account.

One Time Passwords

Unlike a traditional password, since you only use one-time passwords once, there is no password to remember. This can present many benefits. For one, there is no need for a password so there are fewer inquiries to your HR department. Second, hackers cannot remember your password for later use since the code expires after it is used.

Sinch reports that an identity thief has a one-in-a-million chance of getting your OTP right, or a 0.000001% probability. The OTP method makes it easy to provide top security without the redundant need to log in using a password and then an additional one-time code.

Although 2FA and one-time passwords are the more secure methods, they are not perfect. It is essential to ensure that when you send the code to your mobile device, no one has access to your phone during that time. If you receive a request you did not authorize, do not approve it.
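
The properties this section relies on (a code that works only once, and a guess that stays at one in a million) have to be enforced by the service that checks the code. The sketch below is an added example, not Greenshades' code or part of the original article; the class name, the 6-digit length, the 5-minute lifetime and the 3-attempt limit are all assumptions.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6      # assumption: 10**6 possible codes, i.e. a one-in-a-million guess
TTL_SECONDS = 300    # assumption: how long an unused code stays valid
MAX_ATTEMPTS = 3     # assumption: wrong guesses allowed before the code is voided


class OneTimeCodeStore:
    """In-memory store of pending one-time codes (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested offline
        self._pending = {}       # user -> pending code record

    def issue(self, user):
        """Create a fresh code for `user`, replacing any earlier pending one."""
        # secrets (not random) so the code cannot be predicted from past codes.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user] = {
            "code": code,
            "expires_at": self._clock() + TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # delivered out of band: SMS or an authenticator app

    def verify(self, user, submitted):
        """Return True exactly once for the right code, False otherwise."""
        entry = self._pending.get(user)
        if entry is None:
            return False                      # nothing pending, or already used
        if self._clock() > entry["expires_at"]:
            del self._pending[user]           # expired: void the code
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(entry["code"].encode(), submitted.encode()):
            del self._pending[user]           # single use: a replay now fails
            return True
        entry["attempts_left"] -= 1
        if entry["attempts_left"] <= 0:
            del self._pending[user]           # guessing budget spent: void it
        return False
```

Without the attempt limit, an attacker could simply retry until the one-in-a-million guess lands, so the limit is what keeps that figure meaningful.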

Which Password Method is Best to Use?

The growth of remote work and employee self-service technology has increased the risk of hackers gaining access to employees’ personal information. Organizations must choose a provider that provides a secure way for employees to access their information. Providers like Greenshades provide configurations for all password types.

Although traditional passwords are a less secure method for signing in, they can still be effective for accounts that do not hold personal information. They are not recommended for sensitive company information but can be effective for accounts that do not contain personal and banking information.

For accounts containing confidential payroll and HR information, 2FA can be the best option if your organization would like to continue using passwords and wants to add an extra layer of security. If you choose to replace the use of passwords overall, then the OTP method will be the best for your organization.

Want to learn more about the security measures Greenshades takes to keep your payroll and HR information secure? Contact us at sales@greenshades.com.
