Year-End Security Checklist for your GreenEmployee.com portal

December 14, 2017
Some High Value Content Offer Title Goes Here
The main offer should goes here. It can take the entire length. Should be about a report, cheatsheet or maybe a recent video.

Year-End is here once again, and with it comes the return of a host of checklists, activities, and must-do tasks that all compete for time. We ask that you carve out time to assess the security settings on your GreenEmployee.com portal. Please make it a priority for your IT and security teams to review all of the Employee Access and Administrator Access settings before uploading your 2017 W-2 tax forms. This review is especially important this year, as identity thieves and scammers have a fresh set of data from the recent Equifax breach. While all portal settings should be reviewed, two especially important settings are described below:

Identity Confirmation

When an employer decides to host employee information on GreenEmployee.com, they also specify how GreenEmployee.com should validate a new visitor as one of their employees. This validation happens as part of a new account setup and/or account access process. This step is required by GreenEmployee.com as well as other similar employee service websites, including portals from each of the major payroll service providers.

The identity confirmation settings, found here, govern how GreenEmployee.com can determine whether a new user is a valid employee and not an imposter. Each employer owns the settings on this page (since each employer knows how to best validate their employees’ identities). Greenshades recommends that employers record employee cell phone numbers in their accounting system and upload that information to GreenEmployee (or, for employers using an Excel Upload option for their Year-End Forms functionality without synchronizing their full payroll details, the phone numbers would need to be present in their Excel spreadsheet). Then, when a new user claims to be one of your employees, GreenEmployee can text a security code to the number that you have provided to verify that this visitor is truly the employee in question. This one of the most secure and recommended options on the identity confirmation settings page.

However, we know that many of you are unable to collect and record these numbers, which is why there are a handful of additional confirmation options. Caution must be taken when enabling and configuring these additional options to ensure they make sense for each individual employer. Providing custom security questions that hinge on personal information is not an acceptable security control when identity thieves may come to the portal already equipped with personal information from Equifax and other large-scale breaches.

Public Search for Portal

Each employer using GreenEmployee is assigned a unique prefix, also known as a “company code,” to their GreenEmployee link, for example “ABC.GreenEmployee.com.” Employees must visit this link or else provide their employer’s company code to see the login page for their employer’s portal.  Employers should communicate their unique GreenEmployee link to their employees and only their employees. Historically, some employers are unable or unwilling to distribute company codes to their employees and have asked for their unique link to appear in a directory of GreenEmployee portals that can be searched by company name or phone number. This is the “Public Search for Portal” option found here. Employers who have enabled this option should verify that they have no way to distribute unique links and truly need this option.

However, we know that many of you are unable to collect and record these numbers, which is why there are a handful of additional confirmation options. Caution must be taken when enabling and configuring these additional options to ensure they make sense for each individual employer. Providing custom security questions that hinge on personal information is not an acceptable security control when identity thieves may come to the portal already equipped with personal information from Equifax and other large-scale breaches.

Public Search for Portal

Each employer using GreenEmployee is assigned a unique prefix, also known as a “company code,” to their GreenEmployee link, for example “ABC.GreenEmployee.com.” Employees must visit this link or else provide their employer’s company code to see the login page for their employer’s portal.  Employers should communicate their unique GreenEmployee link to their employees and only their employees. Historically, some employers are unable or unwilling to distribute company codes to their employees and have asked for their unique link to appear in a directory of GreenEmployee portals that can be searched by company name or phone number. This is the “Public Search for Portal” option found here. Employers who have enabled this option should verify that they have no way to distribute unique links and truly need this option.

Sign up for updates
Get notified when we publish new articles in the
Platform
category.
By subscribing to our email updates, you agree with our Privacy Policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Next post
This is some text inside of a div block.
See the difference for yourself.
Get a demo