Payroll and Security: Top 3 Things to Consider

Security issues abound in the information age. Wherever you turn, bad actors are seeking to get their hands on data that will allow them to assume identities, steal, and wreak all sorts of havoc on people's lives. As a provider of cloud-based payroll services, we fully understand the need to make sure every aspect of our business is secure.

To say that payroll and security go hand-in-hand is to state the obvious. We would not be meeting our fiduciary responsibility to customers if we failed to maintain proper security. Likewise, employers have similar responsibilities to their employees. They have an obligation to protect workers from fraud by ensuring payroll data is secure.


Here are the top three things to consider in regard to payroll and security:


1. What Hackers Are After

Hackers attempting to breach a payroll system are after specific kinds of data. They are looking for names, addresses, Social Security numbers, and bank account numbers. What will they do with this information? Actually, they can do a lot with it.

A name, address, and bank account number would allow a hacker to completely drain a victim's bank account. Doing so does not even require sophisticated technology. A hacker can simply print a fake check, fill in a dollar amount, and go cash it.

A person's name, address, and Social Security number allows hackers to file fake tax returns to request refunds. The same information can be used to open new credit accounts. A person's entire identity can be stolen with just those three pieces of information.


2. How Hackers Do It

The second thing o consider is how hackers go about doing what they do. While they can use sophisticated hardware and software to launch network attacks, the vast majority of data breaches are not that sophisticated. Hackers find it easier just to rely on human nature to get payroll employees to give them the information they want.

For example, the IRS sent out a warning earlier this year to remind employers of a scam designed to gain access to taxpayer information. The scam was pretty simple: a hacker would send an e-mail to a company's HR department requesting employee information. That e-mail was disguised to look like it had come from a company executive. Any unsuspecting HR worker who sent the requested information actually compromised payroll security.

Human beings are always the weakest link in a secure network environment. We assume too much, believe even more, and fail to recognize when someone is trying to scam us.


3. How to Make Hacking As Hard As Possible

The final thing to consider is how to make hacking as hard as possible. There is no foolproof way to prevent hacking 100%, but employers can make it extremely difficult to the point that hackers decide to move along and look for easier targets. In that sense, security policies and strategies are a lot like monitored home alarm systems.

One of the first things employers should look into is moving payroll into the cloud. These days, hardened cloud environments are more secure than local networks. Companies should seriously consider taking payroll off their local computers and moving it to a cloud platform.

Employee training is another critical component here. HR and payroll personnel should be trained in the company's procedures and policies for avoiding fraud. If no such procedures or policies exist, that needs to change. Employees cannot be trained if a company doesn't even know what its policies and procedures are.

Payroll and security go hand in hand. They have to because payroll involves very delicate personal information.