Our Commitment to Data Security
At GTM, we understand that trust is the foundation of our relationship with you. When it comes to payroll, security, and compliance these are not just priorities, but imperatives. We are dedicated to maintaining the highest levels of data security, fraud prevention, and regulatory compliance to protect the sensitive information you entrust to us.
Our state-of-the-art security measures are designed to safeguard your data from unauthorized access and cyber threats. We employ a robust combination of physical, administrative, and technical controls, including advanced encryption technologies, continuous network monitoring, and strict access controls, ensuring that your data is protected around the clock.
Security is integral to our operations. It’s at the very core of what we do with multiple layers of protection embedded into our products, processes, and infrastructure.
We stay abreast of the latest regulations and standards in the payroll industry and work tirelessly to ensure our processes and policies meet or exceed all statutory and regulatory requirements, giving you peace of mind.
We are committed to delivering a payroll solution that is not only efficient and reliable but also rigorously secure and compliant. Trust us to handle your payroll needs, so you can focus on what matters most — running your business.
How GTM Keeps Your Data Secure
Annual Security Assessments
GTM undergoes annual security assessments from the New York State Department of Financial Services and adheres to the National Institute of Standards and Technology (NIST) for cybersecurity standards.
Third-Party Audits
GTM submits to several third-party audits including SOC 1 audit, Nacha, and financial statement audits.
SOC 1 Audit
Developed by the American Institute of Certified Public Accountants (AICPA), a SOC 1 audit is specifically designed to assess the operational effectiveness of the key internal compliance and information security controls at a service organization like a payroll provider.
For our clients, a SOC 1 audit helps:
- Ensure the protection of their financial information
- Demonstrate GTM’s commitment to corporate governance
- Provide assurance that our systems are secure
Conducted by an independent and certified public accounting firm, a SOC 1 audit is considered the industry standard for evaluating, testing, and reporting on security and compliance controls and shows an organization’s commitment to client data security.
Nacha Certification
As part of our continued efforts to assure our commitment to data integrity and security in our handling of client data, GTM undergoes an audit of our compliance with established rules and procedures provided by the National Automated Clearinghouse Association (Nacha).
Nacha governs the ACH Network, the payment system that drives trillions of dollars each year in direct deposits and direct payments.
Becoming Nacha Certified means GTM has taken the necessary steps to understand threats and put proper controls in place to manage risk, providing a level of security for our clients and the workers they employ who depend on GTM to get paid. It shows that GTM is upholding the highest standards to protect your employees’ pay and keep their information secure.
To become Nacha Certified, GTM conducted both a Nacha Rules Compliance Audit and an ACH Risk Assessment and implemented a Compliance and Risk Program with detailed policies and procedures.
Financial Statement Audit
A financial statement audit is an examination of the accuracy and completeness of a company’s financial statements conducted by an independent auditor.
GTM prepares its financial statements in accordance with a framework of generally accepted accounting principles (GAAP) in the U.S.
The fair presentation of those financial statements is evaluated by independent auditors using a framework of generally accepted auditing standards (GAAS) which set out requirements and guidance on how to conduct an audit.
Our clients and partners can take comfort from the independent assurance that GTM’s financial statements fairly present the company’s financial position and performance.
Additionally, this means:
- Increased confidence in GTM’s reliability and stability
- A lower risk of service disruption due to financial instability
- Reduced likelihood of regulatory or legal issues that could indirectly affect them
- Transparency in our operations, which provides a clear view of our financial health and business practices
By undergoing a financial statement audit, GTM provides assurance of our financial health and adherence to accounting standards, which enhances trust and reduces risk for our clients.
Employee Training
GTM employees complete monthly security awareness training and phishing testing. Topics include:
- Clean Desk
- Bring-Your-Own Device
- Data Management
- Removable Media
- Safe Internet Habits
- Physical Security
- Social Media
- Scams (phishing, vishing, smishing, spear phishing, and whaling)
- Malware
- Social Engineering
- Incident Response
- Security Responsibilities
Key personnel receive continual training in new guidelines and practices, testing, and advanced technology.
GTM requires more than one form of verification to access sensitive payroll information (Multi-Factor Authentication or MFA).
GTM also uses Role-Based Access Control (RBAC) to limit access to payroll data based on the user’s role within the company, ensuring that employees can only access information necessary for their job functions.
Technology Testing and Evaluation
In addition to malware detection and prevention, firewalls, and other industry-standard tools, GTM’s testing and evaluation of our technology assures our clients and partners that we are serious about maintaining high-security standards and protecting sensitive data from potential cyber threats.
Penetration Testing
GTM undergoes third-party penetration testing, which brings an unbiased perspective to the security assessment process. Penetration testing identifies and exploits vulnerabilities in our applications and network infrastructure by simulating cyberattacks under controlled conditions and tests the effectiveness of our existing security measures to isolate any weaknesses that a real attacker could exploit.
GTM receives a detailed report outlining discovered vulnerabilities, the methods used to exploit them, and the potential impact of each exploit. This report also includes recommendations for remediation to further enhance our security posture.
Monthly Vulnerability Scanning
Monthly vulnerability scanning is a proactive security measure where we scan our technology systems, such as networks, applications, and other computing resources, to identify and report potential vulnerabilities. This process is an essential part of our robust cybersecurity strategy, ensuring that vulnerabilities are identified and addressed systematically before they can be exploited by malicious actors.
24x7x365 Intrusion and Threat Detection
GTM deploys continuous, around-the-clock monitoring of our computer networks and systems to identify and respond to potential security threats, breaches, or unauthorized activities every hour of the day, every day of the year. This level of constant vigilance is crucial for GTM in protecting sensitive data and critical infrastructure from increasingly sophisticated cyber threats.
How GTM Helps Prevent Fraud
Combatting fraud is vital for any payroll company, as it directly influences the security of sensitive financial data and the overall trust that clients place in the company’s services.
Dedicated Fraud Prevention Program
GTM’s dedicated fraud prevention program is essential for protecting against fraud, ensuring the integrity of financial transactions, and maintaining the trust of our clients and their employees. Our program encompasses a range of measures and tools designed to detect, prevent, and respond to fraudulent activities. Our program includes:
Employee Training and Awareness
GTM employees receive ongoing training on recognizing and preventing fraud. This includes understanding the types of fraud that can occur in payroll processes, such as ghost employees, wage overrides, check washing, false wage claims, and timesheet fraud as well as initiatives to keep our staff alert to the signs of fraud, encouraging vigilance in their daily tasks.
Audit Trails and Monitoring
GTM has tools to monitor payroll transactions for signs of unusual activity that could indicate fraud and keep comprehensive logs of all payroll transactions, which can be used to trace the origins of fraudulent activity.
Fraud Detection Technology
Utilizing advanced analytics, GTM can spot patterns and anomalies that may suggest fraudulent activities, such as duplicate payments or irregular payroll adjustments.
Incident Response Plan
GTM has a formal plan that outlines the steps to be taken in response to a detected payroll fraud incident, including how to contain the fraud, mitigate damage, investigate the incident, and notify affected parties.
Partnerships and Collaborations
Working with financial institutions, cybersecurity firms, and other partners, GTM continues to enhance fraud detection capabilities, keep pace with ever-evolving anti-fraud practices, and secure transaction processes.
Payroll Fraud Prevention Group
GTM is an active member of the Payroll Fraud Prevention Group, an association of payroll industry organizations, dedicated to sharing fraud information, working with outside vendors to build cost-effective solutions to share fraud information, educating the payroll industry on the issues posed by payroll fraud, and lobbying for regulatory changes as needed.
The group was organized to promote the prevention of fraud in the payroll industry and proactively address any major policy, administrative, and systematic issues that impact payroll service providers.
Fraud Prevention Policies
Know Your Client
Know Your Client (KYC) verification is a standard used in the financial services industry to verify customers, act as the first line of defense against fraud and other illegal activities, and safeguard both GTM and our clients.
The three components of KYC include the customer identification program (CIP), customer due diligence (CDD), and enhanced due diligence (EDD). These measures are designed to prevent identity theft, financial fraud, and money laundering.
Bank Secrecy Act
GTM complies with its Bank Secrecy Act (BSA) and its anti-money laundering (AML) policy by:
- Reporting actions that might signal criminal activity like money laundering or tax evasion
- Establishing effective customer due diligence systems and suspicious activity monitoring programs
- Adopting a customer identification program
- Designating a compliance officer who oversees BSA compliance
- Implementing rigorous internal controls
- Conducting regular employee training and periodic independent audits
Compliance with the BSA is a critical component of GTM’s risk management framework by preventing criminal elements from utilizing GTM payroll transactions for illicit purposes.