This blog is not to be construed as legal advice. Please consult a qualified attorney for all legal matters. Nothing on this site is meant to portray infallibility.
At the bottom of this blog is a copy of a checklist from the Commonwealth of Massachusetts that may help you confirm that you are in compliance with 201 CMR 17.0. If you hold personal information for employees or clients, you should review this checklist and consult experts in the field.
When it comes to payroll, time and attendance, and HR (Human Resources), security is always at the front of our minds, and it should be. One of the best ways to prevent Internet theft is through good, highly secure passwords. Most people do not have a good system for password selection.
What to avoid:
Names in the English language – Hackers use dictionary lists to try the obvious. Your name, Social Security number, dates of birth or of personal significance, addresses, etc. are all problematic.
What to do:
Make sure you have up-to-date anti-spyware, anti-malware and antivirus software, as well as software and hardware firewalls.
Make sure you change all applicable passwords upon termination of an employee.
Change passwords on a regular basis.
How to design a more secure password system that you can remember:
Pick a phrase and use the first letter of each word, mixing capitals and lower case, numbers and characters.
Example:
Phrase = In 1971 my first dog was Rover when I lived at Cranberry Lane.
Password = I1971mfdwRwIl@CL
This is a long example but it gets the point across and the user is unlikely to easily forget this password.
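The derivation above, together with a check against the "what to avoid" list, as an added Python example that is not part of the original post. The "at" to "@" substitution is inferred from the post's example, and the 12-character minimum, the personal tokens and the wordlist are constructed assumptions.

```python
import re
import string

# Assumed substitution: the post's example turns "at" into "@"; nothing else is implied.
SUBSTITUTIONS = {"at": "@"}

def derive_password(phrase):
    """First letter of each word (case kept), numbers kept whole, 'at' -> '@'."""
    out = []
    for token in re.findall(r"[A-Za-z]+|\d+", phrase):
        if token.isdigit():
            out.append(token)
        elif token.lower() in SUBSTITUTIONS:
            out.append(SUBSTITUTIONS[token.lower()])
        else:
            out.append(token[0])
    return "".join(out)

def audit_password(password, personal_tokens, wordlist, min_length=12):
    """Return a list of problems; an empty list means every check passed.
    min_length=12 is an assumed policy value, not one stated in the post."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    lowered = password.lower()
    for token in personal_tokens:  # names, addresses, dates tied to the user
        if len(token) >= 3 and token.lower() in lowered:
            problems.append(f"contains personal detail: {token}")
    for word in wordlist:  # stand-in for a dictionary list
        if len(word) >= 4 and word.lower() in lowered:
            problems.append(f"contains dictionary word: {word}")
    return problems

# Constructed sample data, not from any real user or real wordlist.
PHRASE = "In 1971 my first dog was Rover when I lived at Cranberry Lane."
PERSONAL = ["Rover", "Cranberry", "Smith", "01021980"]
WORDS = ["password", "rover", "summer", "cranberry"]

if __name__ == "__main__":
    for candidate in (derive_password(PHRASE), "Rover1971"):
        print(candidate, audit_password(candidate, PERSONAL, WORDS))
```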
201 CMR 17.0 Checklist
http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf
