Eight Ways GreenSlate Protects Your Payroll Data

It can be nearly impossible on film and TV sets to completely secure Personal Identifiable Information (PII) with paper start work and timecards. 

Many productions rely on PAs, coordinators, and other non-finance production crew members whose roles do not require background checks to collect personal data, such as I-9 documentation and copies of government IDs, social security cards, and banking information. This puts crew at risk for identity theft.

Productions in the field also often rely on spaces that are not secure for paper documents, such as unlocked filing cabinets or desks. In post, documents are often handled by moving companies and stored in shared spaces and commercial storage facilities.    

To eliminate a paper trail, many productions think that emailing their information or using platforms like Dropbox gives them more protection. Unfortunately, this also leaves PII vulnerable. Scans and files get saved to laptops, where they can be insecurely stored indefinitely. And emails can be shared with the wrong people via cc or forwarding. 

These risks can make crew members reluctant to share their data. Lost or misplaced paper documents as well as manual data entry into the payroll system can also cause delays in processing times and errors in payroll data. 

The best solution is for individuals to enter their PII directly in a closed system like GreenSlate. Crew members enter their data into the GreenSlate app, which has many layers of the latest, most sophisticated security controls and protocols in place. This multi-layered approach also gives us situational awareness of what is happening with our systems and allows us to detect potential threats and take swift action. Closing the loop on safely and securely sharing PII provides the level of security that studios demand and all productions need.

• We start at the very edge of our internet presence by blocking countries from which many advanced attacks are launched. 
• Attackers attempt to knock websites off of the air by sending high volumes of traffic - better known as Denial of Service (DoS) attacks. We defend against this using a top-tier internet edge network.  
• Web application firewalls (WAFs) are in place to prevent specially crafted attacks against our application. 
• Rigorous secure coding training for our developers reduces the likelihood that vulnerabilities will surface in our application. 
• We engage well-known “white hat” hackers annually to test our defenses.
• Stringent controls, including multi-factor authentication (MFA), ensure only the right people have access to your application data. In order to access the application, you must supply your username, password, and a unique, time-based code sent to your phone. MFA is also required for some high-risk transactions related to email, passwords, and payments.
• Background checks, regular security awareness training, as well as phishing simulations make our employees resilient to compromise, and information is regularly shared on emerging threats to protect employees against falling victim to new hacker techniques.
• All of the systems that house your highly sensitive data are monitored 24x7x365 by a security operations center. When suspicious activity is detected, we are immediately alerted to investigate. 

Managing such a comprehensive approach to security requires a strong framework on which to build. We utilize two well-known frameworks: the US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and the Center for Internet Security (CIS) Top 18.

Every year we also undergo System and Organization Controls (SOC) 1 Type 2, System and Organization Controls (SOC) 2 Type 2 examinations performed by external auditors. These audits evaluate our controls to validate they are in place and operating as designed.

For more information on GreenSlate data security, visit our data privacy and security page.