Technology in Total Rewards

Regulations and Compliance

Regulations have created a compliance burden for organizations. Information regarding employee benefit plans, personal, and individual salary information must not be accessible to the public at large. It is the fiduciary responsibility of the organization and the employees assigned to such processes to maintain controls that protect the confidentiality of the information. This includes salaries, health plan choices, retirement plan investment choices and balances, medical conditions, and performance improvement plans. Technologies that enable compliance with Sarbanes Oxley (SOX) by allowing for 1-over-1 approvals of “financial” transactions like variable compensation payouts, merit and off-cycle increases, or equity awards, must also be maintained.

It is imperative that electronic total rewards systems have proper security to not allow access by unauthorized individuals. Organizations may require system users to have strong passwords or personal identification numbers (PINs) coupled with dual authentication (2FA). Each participant's password or PIN must be unique and specific to that individual, and not based on information readily available to the public at large. With cyber threats always a concern, companies should establish protocols that prohibit the use of birthdates and Social Security numbers to access sites as they do not guarantee information protection. The recommended minimum number of characters for a strong password is 12 with a combination of uppercase and lowercase letters, numbers, and special symbols.

An additional concern, especially where employees access information at work in shared workspaces, is the "unintended onlooker." This concern over employee privacy and security has led employers to use partitions, cubicles and other barriers in open office environments. Other solutions are privacy filters and training employees to position their monitor away from public view and to lock their screen whenever they are away from their desk.

Memory Jogger

What would be the most secure login?

Continue