So, picture the scene. It’s late Friday and the MD of your company sends you an urgent request for information about your company employees. You’d jump on it. Right?
That’s exactly what happened to an unsuspecting payroll department employee at social network company Snapchat, resulting in the theft of all of their sensitive employee data.
This latest phishing scam highlights yet again the need for systems and procedures to be in place to protect sensitive employee data, and for staff to be fully trained and aware of the implications of poor data protection.
Snapchat have apologised to existing and former staff, offering them two years of free identity-theft insurance and monitoring.
This kind of phishing attack is known as whaling: the act of targeting a member of a company under the guise of a colleague, often a superior or C-level executive. Common targets are finance or IT professionals, who hold sensitive data or have access to it. Reputable payroll outsourcing companies should have this covered under ISO 27001 accreditation, which lays out how they protect valuable company payroll data.
However, with more security breaches happening in-house, it’s important for organisations to train and coach internal staff to understand and deal with employee data theft and phishing requests such as these.