Why payroll security is vital

by Mark Rowe

Sadly, the threat of a cyberattack is something that all businesses need to be aware of and prepared for. Instead of subsiding, cyber criminals are becoming increasingly smart and sophisticated, and so it’s important to recognise where your weaknesses are. For many companies, one potential area of weakness that often gets overlooked is payroll. Make sure you’re properly equipped to survive an attempted cyberattack by putting appropriate payroll security in place now, writes Matt Bragg, a director of FMP Global, providers of outsourced payroll and HR services for SMEs. Matt is a commentator on the issues in the worlds of HR and payroll.

As well as simply defending your business from a data protection perspective, payroll security is necessary to protect your employees too. Whether your company uses an in-house or outsourced payroll team, it’s important to realise that these professionals handle your teams’ personal data every day. Generally this includes all of the following:

• Full names
• Age
• Address
• Date of birth
• National Insurance number
• Bank details
• Salary

If a cybercriminal were to obtain access to any of this information, it would stand them in good stead to set about defrauding your staff. This would not only be upsetting to the victim, but it could lead them to lose faith in your company, and even tender their resignation.

What is the security risk to payroll?

Because the payroll department handles such sensitive information, it’s no surprise that this area of business frequently receives the attention of cyber criminals. This means that examining the potential risks in payroll should be a priority when it comes to the wider business security assessment.

HR and payroll teams are entrusted to deal with sensitive information every day, which means they can often reach out to anyone within the business without raising suspicion. While of course you would like to think you can trust your HR and payroll staff, it could be that cybercriminals find a way to impersonate them, and gain further personal data of others using subtle scams.

In big companies, employees may be unaware of who the HR and payroll team are. This means that they could be at risk of providing their personal information to anyone who requests it – without realising they shouldn’t. Whether they know it or not, this sadly makes HR and payroll staff potential (and even unwilling) facilitators of cybercrime.

Ways to improve payroll security

There are a number of ways to ensure your payroll is adequately secured from cybercriminals, from educating staff to regularly updating your systems.

Encourage a security-focussed culture

One of the most effective methods for securing your payroll, and indeed other company data, is to promote a culture that prioritises security. This can be achieved by providing training and resources to staff, and educating your teams to be suspicious of anything unusual. Staff should feel encouraged to query unexpected phone calls and emails with their manager or other senior staff, and should know how to do so.

Host regular training sessions

Every company will have multiple policies relating to all matters of business and employment, including some relating to data protection. All staff should be familiar with these, and have a good understanding of what the company does to keep information secure. Regular training should be administered to remind staff of this information, and to keep teams well-informed with regards to security systems and protocols. This is true not only of entry and mid-level staff, but also the C-suite, who often rely on IT teams when it comes to cybersecurity matters.

Administering system updates

A significant proportion of cybersecurity breaches happen when vulnerabilities become apparent, many of which occur when updates are not carried out. One of the main reasons why digital systems are programmed to update regularly is so that more steadfast security tools can be put into place. So, next time you are met with a pop-up requesting an update on your software, be sure to approve it. Using old versions of software is known to cause problems for all kinds of users. If the software becomes unsupported, it is suddenly much more vulnerable to cybercriminals. When it comes to payroll software, most programs will automatically conduct updates.

Make sure passwords are changed regularly

The number of people who use the same password for multiple accounts and platforms is alarming. Plus, a large number of these passwords are easy to guess. In fact, the top ten most common passwords are:

1. 123456
2. Password
3. 123456789
4. 12345678
5. 12345
6. 11111
7. 1234567
8. Sunshine
9. Qwerty
10. Iloveyou

Make sure your HR and payroll teams don’t fall into this trap by educating them on the importance of strong passwords. You should also put into place a procedure that forces staff to regularly change passwords, and one that ensures certain specifications are met. For example, passwords should include numbers, special characters, and upper and lower case letters.

Consider email security

Emails are a common entry point for many cybercriminals. Whether it’s through phishing scams or through the impersonation of a trusted source, cybercriminals have found many ways to tap into the vulnerabilities of recipients. Most of the time emails are secure; however, this is no longer the case when they’re being accessed on insecure networks, that is, public WiFi. When it comes to emails relating to payroll, it’s vital to apply extra protection to data attachments in the form of encryption. Even better than this, consider keeping payroll data in specific applications and software, and using encrypted file transfers and sharing, in place of emails.

Use an outsourced payroll provider

Those using an outsourced payroll company have the added benefit of payroll information being completely off their systems. Reputable suppliers will have quality security measures in place in order to properly protect all the data they store. This is absolutely vital for them to survive in such a competitive marketplace. With the most recent, regularly-updated software, premium tools and systems, payroll suppliers are equipped to keep such sensitive information thoroughly protected. Be sure to do your research though, and only use well-respected, reliable outsourced payroll companies.

Recognition of the fact that cybercriminals are incredibly skilled at what they do is the first step toward defending against a breach. It becomes even easier for a cybercriminal to access information if a company has not put adequate protection in place, because they have underestimated their potential vulnerabilities. When it comes to payroll, it’s imperative that managers and directors recognise this area of the business as one of interest to cybercriminals. Security plans and policies should focus on this, as well as the rest of their systems and data.


© 2024 Professional Security Magazine. All rights reserved.
