FAQs Remote Workforce: Protecting Your Company Data

Last Updated on May 21, 2020 by bigfish-admin

April 10th, 2020

Q: How do I know that when an employee is clocking in/ out it is authentic, when they are working from home but still using our system?
A: Our technology, iSolved, allows you to build unique IP restrictions in the system. When an employee log’s in under an IP address, the system will verify this is the approved IP address as listed in the system, allowing employees to clock in remotely.

Q: How can I be sure it is Big Fish contacting me via email about changes to payroll? 
A: Be sure emails you are receiving are from the ‘@bigfishemployerservices.com’ domain, in the header, every time. If you are receiving emails from any other domain address, even if it is only off with slight miss-spellings or errors, it is NOT coming from Big Fish. If you are ever unsure of an email, give us a call to verify it was an email sent by our team.

Q: What do I do if I suspect an email to be fraudulent?
A: The best thing to do is immediately forward this email to your IT representative. Your IT rep will take a look to see where this email is coming from, possibly even blocking the sender if it appears to be threatening. It is important to remember, if you do click a link to an email you suspect to be fraudulent, it is important to let your IT rep know right away, the sooner you let IT know the more time they have to protect you and company data.

Q: How do I know if the computer has been infected by a Trojan?  Will there be signs or symptoms on my computer?
A: Ideally, if it is a good Trojan you would never know. Most Trojans work in the background and are designed to not be noticed. The best protection you have is running antivirus software on your computer to be sure that you do not have a hidden trojan. An extreme alternative would be wiping your entire computer hard drive, of everything, and starting from scratch. 

Q: If we have a lot of junk emails from random companies, is this considered a risk at all? Should I consider changing my password?
A: Junk email does not necessarily mean that your email or password have been compromised. Your email may be available numerous places online; Linkedin, company website, etc. Many companies also data mine hundreds of thousands of emails and send these sort of ‘spam’ emails, or it is also possible you may have subscribed to some companies over the years. Marking it as junk mail and having it filter as junk is good enough. You have to worry about clicking any links in emails, receiving a spam email is not going to compromise your system in anyway, unless you click a malicious link within that email. No need to change a password in this case, but remain vigilant. 

Q: How do I know if it is really Big Fish emailing me for information if the email could be a fake one? Should I always call Big Fish to verify an email is real?
A: You can always call Big Fish if you are unsure about an email in anyway. This is an extra step but it will ensure your safety, and could save you a lot of heart-ache in the end.

Q: Can you clarify dual-authentication that Big Fish does?
A: When a Big Fish client requests a change be made to an employee’s bank account information, they may send via email ‘our employee just opened up a new account, here is the information, please update this information.’ We do not take that as the final communication and immediately make the change, we will call and follow up with that client to confirm. We want to be sure on our call to verify that our client did in fact send that email requesting a bank account change, once confirmed a change would be made. At Big Fish we have received multiple phishing emails, from our clients, asking us to change direct deposit information to a fake account. If we hadn’t called to verify, this might have been changed immediately, and that employee’s money would be paid into an attackers account. Any requested change that is made, whether it be a banking change on the account side or an employee direct deposit account, we will always call the client to verify as a dual factor of authentication.

Q: Will Kaspersky, TrendMicro or other malware software catch everything, even if there is already a trojan or something on the computer? in other words, if I install a malware software today, will it detect something that is already on my computer? Or will the software only work just going forward?
A: Yes, it is possible, depending on the type of scan you select. When installing your virus protection software, there are two types of scans you can do. Ongoing scans, which scans everything on your computer live as it is happening, if you download malicious software it will tell you in that moment. There are also file scans, depending on the size of your hard-drive and the number of files, these can take anywhere from minutes to hours. File scans will scan through every saved file you have on your computer, to search for any malware or trojan horses. If a Trojan is already hiding on your computer, you will need to run a full scan.

Before you click a Link.

Leave a Reply