How Secure Is Your Payroll Data?


Keeping payroll information protected is no longer as easy as securing files in a locked cabinet. Despite all of the online safeguards taken to protect sensitive employee information, employers remain vulnerable to data breaches.

Inside Threats

A critical component to securing payroll information is training employees, who sometimes may be the biggest source of security weakness at a company.

Employers should try to understand the motivation of employees who might undermine payroll functions. Writing a data-security policy that includes employee rules for personal computers and flash drives is a good start, but these precautions can only do so much if someone is intent on sabotage.

The Association of Certified Fraud Examiners of Austin, Texas, the world's largest anti-fraud organization, said in a 2012 report that employers should try to look for behavioral red flags, including gambling and other addictions. The report found that living a lifestyle beyond one’s means was identified as an indicator in 35.6 percent of those caught. Additionally, 27.1 percent had financial difficulties. The most likely people to commit workplace fraud are nonmanagement employees, followed by managers, executives and business owners, the report said. Limiting access to critical information may reduce the rate of security breaches among employees.

Outside Threats

There are two types of external threats: information-system hackers and disasters. With hackers, employers should be aware that even organizations with strict protocols may not be considering all possible external security risks. Having only the minimum security measures is no longer an effective strategy. Stronger encryption measures for cloud computing are always available, as are additional safeguards against threats, such as software to deter malware. Employers using outside vendors should ask questions about vendor security protocols instead of trusting blindly. Important questions to ask include:

  • How will data be protected?
  • Who will have access to the data?
  • What policies are in place to detect and/or prevent tampering?
  • Does the vendor have a disaster recovery plan?

Disasters, which may include weather-related emergencies, bomb threats, fires, labor strikes, political upheaval, protests or terrorism, require preparation and the development of guidelines and protocols.
One example of political turmoil affecting payroll is the long-term tension over a maritime boundary dispute with China, which in 2014 resulted in anti-China protesters destroying more than 350 factories in a Vietnamese province.

To be prepared for emergency and unforeseen events, payroll departments should identify the processes critical to paying employees and meeting tax and filing obligations. A plan should be developed to secure critical information, whether at off-site storage facilities or through a virtual data cloud.

Security Safeguards

Here are some tips to remember when protecting employee information:

  • Do not use obvious names for files and passwords, such as “banking” or “payroll.”
  • Employers and vendors should agree on data-retention time periods.
  • Limit access to critical payroll and employee information.
  • Develop or update a disaster-recovery plan.
