Focuses on issues of importance to payroll professionals across Canada. It contains news, case studies, profiles and tracks payroll-related legislation to help employers comply with all the rules and regulations governing their organizations.
Issue link: https://digital.hrreporter.com/i/791124
News Published 12 times a year by Thomson Reuters Canada Ltd. Subscription rate: $179 per year Customer Service Tel: (416) 609-3800 (Toronto) (800) 387-5164 (outside Toronto) Fax: (416) 298-5106 E-mail: customersupport.legaltaxcanada @tr.com Website: www.carswell.com One Corporate Plaza 2075 Kennedy Road Toronto, Ontario, Canada M1T 3V4 Director, Media Solutions, Canada Karen Lorimer Publisher/Editor-in-Chief Todd Humber Editor Sheila Brawn sbrawn@rogers.com Editor/Supervisor Sarah Dobson News Editor Marcel Vander Wier Marketing Manager Robert Symes rob.symes@thomsonreuters.com (416) 649-9551 Circulation Co-ordinator Keith Fulford keith.fulford@thomsonreuters.com (416) 649-9585 Payroll Reporter Can R Can R adian adian a www.payroll-reporter.com ©2017 Thomson Reuters Canada Ltd ISBN/ISSN: 978-0-7798-2810-4 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, photocopying, recording or otherwise without the written permission of the publisher (Thomson Reuters, Media Solutions, Canada). Return Mail Registration # 1522825 | Return Postage Guaranteed Paid News Revenue Toronto Canadian Payroll Reporter is part of the Canadian HR Reporter group of publications: • Canadian HR Reporter — www.hrreporter.com • Canadian Occupational Safety magazine — www.cos-mag.com • Canadian Payroll Reporter — www.payroll-reporter.com • Canadian Employment Law Today — www.employmentlawtoday.com • Canadian Labour Reporter — www.labour-reporter.com See carswell.com for information About 69 per cent of all email is spam: Statistics small and mid-size firms, all or- ganizations could benefit from its suggestions. To guard against potentially dangerous emails, the website and guide offer the following advice: • Eliminate spam. Citing sta- tistics from cybersecurity firm Symantec Corporation, the guide states that about 69 per cent of all email is spam. It says spam is a problem not only because it can include links that could be harmful if clicked, but also because it can slow down company networks, servers and com- puters, which could increase a business' costs and reduce its productivity. • The guide recommends using a spam filter. "If your busi- ness is using email hosted by another company, ask them about what spam filtering services they offer. "If it is not working well, ask for a better spam filter or change email service providers." • Be careful of phishing emails that appear to be from an- other company, a bank or a government department. The guide states that it can be dif- ficult to recognize phishing emails because they often use real logos and familiar looking colours, fonts and layouts. It advises people to watch for links in the email. "In almost every case, the message will include a website URL (link) that they want you to click and a request or demand for confi- dential information," the guide states. Other signs that a link to a website may not be legitimate include hyphens, numbers, spelling mistakes and @ sym- bols in place of regular char- acters. "Encourage employees to manually type URLs in the address bar, rather than clicking on email links," the government advises on its cyber-safety website. "This can help ensure they are going to a legitimate site and not a malicious or spoofed site." • Do not click on unverified or suspicious links even if they are offered as a way to remove you from a distribution list. "Even just clicking a link could give away sensitive informa- tion that a cyber-criminal can use to hurt you and your busi- ness," the guide states. • Never open attachments in spam or suspected spam mes- sages. • Do not reply to emails that seem suspicious. "Doing so will only confirm that your email address is valid and will actually result in more spam," the guide states. • Even if an email looks le- gitimate, the guide advises checking with a supervisor before disclosing confidential information. If a suspicious email appears to be from an organization that is familiar, phone someone in the organi- zation to confirm whether it is legitimate. • Keep the company's employee email list confidential. "If you need to share an email address with someone outside of your business, use a generic email like customerhelp@ yourbusiness.ca," the guide states. • For all communication be- tween computers and web- based email servers, the guide advises using HTTPS, which encrypts data (meaning it converts data into a code that only authorized users can ac- cess) in order to keep it confi- dential. • Set strict password standards for email accounts, whether for business or personal reasons. Employees should not write their passwords on scraps of paper and leave them up in their worksta- tions. "They can be nabbed by people passing by and used to access their accounts," the guide says. • Before sending sensitive in- formation by email, the guide says employees should con- sider whether there is the risk of serious harm to themselves or their employer if the infor- mation falls into the wrong hands. "If the answer is 'Yes,' then use another more secure method," it advises. If it is nec- essary to send the informa- tion through email, the guide suggests encrypting email attachments and asking the intended recipient to advise when they receive it. • When there is an employment termination, employers must ensure that the employee's email account is closed quickly so that hackers cannot access it. Employers should also take steps to ensure that their out- going emails are secure. "Once criminals have access to a legiti- mate account in your business, they can use it to get the contact information associated with that account, send out spam, launch phishing attacks and more," the guide states. It recommends that employ- ers ensure that they use a secure email service and that only au- thorized employees be allowed to send emails from the business. In addition, the guide recom- mends that employers archive sent emails in case they need them in the future for an inves- tigation or for legal or financial reasons. While all parts of an organiza- tion must stay vigilant to avoid being taken in by email scams, it is critical for departments such as payroll and HR that handle sensitive information to stay on top of potential cyber-security threats. from FAKE EMAILS on page 3 March 2017 | CPR "By far the most common attempted fraud on small businesses are email scams and phishing."