*This article was originally published on Newshub.*
“Cyber security reports rose 65 percent last year compared to 2019, Cert NZ, a Government agency that supports businesses, organisations and people affected by cyber security fraud, said Kiwis lost $3 million in cyber security fraud in the first quarter of this year”
That is a huge increase in online security attacks, meaning we are now more exposed than ever. This affects individuals and companies alike.
Payroll is one of the most critical business functions when it comes to privacy and security and should be taken very seriously. With the new privacy act 2020 and the rise of cyber attacks, every business should be reviewing their IT security, privacy policies and clamping down.
Payroll databases hold personal identifiable information and even if you think your payroll system is secure (which I would question), data is often transferred from one place to another and might be susceptible to interception. Examples include:
- Bank files
- Reports sent to third parties like unions and Southern Cross
- Integration with other systems like HR and T&A
- Reporting tools like SSRS, Crystal
Here are 6 basic steps to improve your security:
- Install software and operating system update regularly.
- Back up business and customer data on a segregated network so if it’s lost or stolen, it can be recovered quickly.
- Use a password manager to keep track of passwords for each online account and as an extra layer of security, put two-factor authentication on. Password managers can generate highly complex and random passwords for you and you don’t have to remember them – only one Master Password.
- Enable logging to keep records for investigative purposes.
- Monitor logs for unusual activity and talk to service providers about how they can help detect unusual activity on the network.
- Have an incident response plan to enable the business to be prepared if the worst happens.
Here are some extra ones for Payroll:
- Regularly review your users who have access to the system and disable those who should no longer have access.
- Do not send any payroll data over plain text, excel etc. Rather use secure file transfer software like SendSafely | The End-to-End Encryption Platform.
- Publish payslips to employees via a secure online self service portal.
- Make use of two-factor authentication as much as possible.
- Cloud platforms are highly secure.
- Do not share your username or passwords, make sure every user has their own.
- Always ask for identification if someone calls and asks about payroll information.