“It appears that Paychex (payroll services) was hacked which gave the hackers the ability to gain access to (The Landings’) bank account information,” a sheriff’s deputy wrote in an incident report quoted by USA Today.
The Landings is a residential community in Fort Myers, Florida. The alleged theft of half a million dollars took the form of unauthorized transactions from The Landings’ bank account.
Paychex confirmed to The News-Press/Naples Daily News that it is cooperating with an investigation of the alleged theft.
“While we generally cannot comment on pending legal matters, we are aware of the issue impacting The Landings, and have been cooperating with law enforcement,” Paychex director of corporate communications Chris Muller wrote in a statement. “We take fraud prevention very seriously and dedicate significant resources to risk mitigation.”
Robert Caves, a community association attorney with the firm of Becker & Poliakoff, said in an interview that association boards should have internal controls to monitor spending and ensure employees do not abuse their access to accounts.
But even strong internal controls might not be sufficient if a scammer gains access through an external payroll company, Caves said.
“Where you have a vendor that apparently had this occur, there may not be anything that the association can do even if it is properly internally approving the payment of invoices,” Caves said. “If there’s something going on in the backend of Paychex, it’s harder to anticipate that you can prevent that.”
How Asure Protects Your Payroll Data
Employees at Asure participate in rigorous security training on their first day of employment. Asure uses multi-factor authentication, and our Information Security team (InfoSec) runs regular penetration tests, with all employees undergoing ongoing surprise blind tests.
The 7 Pillars of Asure’s Best-in-Class Information Security Controls
1 – Full compliance with the strictest privacy standards, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR)
2 – Complete vulnerability management scans
3 – Data encryption
4 – Protected cloud storage
5 – Customizable security rights (prevent unauthorized access and limit individual users to access only what you choose)
6 – SOC 1 and SOC 2 Type 2 Audits and Certifications (an independent third party conducts a thorough examination of our entire organization and verifies that we have an effective system of controls related to security, availability, processing integrity, confidentiality, and privacy)
7 – Compliance with ACH banking rules governed by the National Automated Clearing House Association (NACHA)