Article

Cyber Security Awareness Month Is a Good Time to Review Your Payroll Provider

Cyber security payroll

Regardless of their size or industry, most South African organisations are vulnerable to cyber breaches, not only from outside the company, but from within, too. Payroll data and records are a potential goldmine for cyber criminals because the consequences, should this information fall into the wrong hands, could be catastrophic. Sometimes, with laptop theft for example, it could have a major effect if backups are stolen or if security protocols are not in place.

With October being National Cyber Security Awareness Month, companies need to think about how employees’ personal information could be used to carry out identity theft. They should also consider how the organisation’s accounts might be hacked and/or emptied. Either way, incidents of this nature could quickly become public relations nightmares.

Secure your payroll

Payroll in every organisation has the most sensitive information and making sure it does not fall in the wrong hands is critical. Cyber-attacks are growing, both in terms of frequency and sophistication. One major contributing factor is the move to remote workforces ushered in by Covid-19.

Bad actors are cunning and smart and known to attack when experts are on leave and the business is vulnerable, such as over long weekends or public holidays. There is always a rise in attack attempts during these times, and organisations need to be aware, particularly smaller businesses that do not have the resources for dedicated security teams and the latest technologies. Many companies don’t employ two-factor authentication and rely on passwords alone. Alarmingly, many do not even use passwords.

The effects of working from home on cyber security

Remote work also facilitates successful phishing attacks, not necessarily through work email alone, but through personal accounts accessed via work laptops. People tend to feel more comfortable at home and let their guard down to a certain extent. In addition, they often use multiple personal devices, such as mobiles phones, laptops, and tablets to access the company network and applications. Without two-factor authentication, compromising these devices become child’s play for attackers.

Organisations need to ensure they counter these threats by cyber-proofing all the apps they use, particularly when it comes to payroll.

This is why it is critical for businesses to periodically review and reassess their payroll providers. Make sure your provider has all the top security certifications, such as an ISO 27001 certificate and compliance with the NIST framework. While many companies use hosted applications, this is no guarantee that the provider has passed a formal security certification or sticks to best practices. If a provider does not have these certifications, look elsewhere.

Cyber security is a year-round assessment

Although many businesses relook their providers at the start of a new tax year, when it comes to cyber security, there’s no time like the present. The best time to improve your security was a year ago; the second-best time is now. Don’t fall into the trap of waiting for the new tax year to review your payroll provider and security. Ransomware attacks happen every day.

In terms of frequency, it is good to review payroll requirements annually, to ensure that the provider meets the evolving needs of the business, including security protocol, legislation changes, and business changes, such as restructuring or opening new branches abroad.

In reality, sometimes businesses are resistant to change or find it uncomfortable. This is particularly true when a business has an established relationship with a provider. However, business and technology cannot be separated from each other, and it’s foolish to endanger the business for the sake of a comfortable relationship.

Changing a payroll provider can be a painful exercise, and one that requires time and resources. However, remaining with a provider that uses outdated technology puts the business at risk, and far outweighs the effort and time it will take to opt for a security-conscious and innovative technology provider instead.

How to choose your payroll provider

So, what should companies look for when choosing a new payroll and HR provider? Firstly, ensure your provider suits your business. If you have a cloud-first strategy, never compromise with hosted solutions, and ensure you have a long-term view. Secondly, make sure the solution is scalable in both directions, as this will enable the flexibility needed to adapt to changing business needs.

Then, ensure your provider’s technology stack has a long-term ‘shelf-life’. Although legacy solutions might have a mature product, they will never offer the benefits of cloud solutions, because legacy technology simply does not allow for it. Also, look for an agile implementation approach, and one with tools that can clean up your data to maximise the full benefits.

Next, employee and manager self-service should be non-negotiable, enabling staff members to be more efficient and managers to simplify and streamline what would normally be mundane and repetitive tasks.

Moreover, ensure after-care support from the service provider, bearing in mind that support should have the required legislative, payroll and HR experience to support your product. Look out for costing models that are truly consumption-based, not feature-based.

Carry out a thorough investigation of multiple service providers before choosing one. Consult reference sites to ensure the size and complexity of your business can be adequately catered for. Ease-of-use and maintenance should never be underestimated. Don’t invest in software with expensive maintenance costs where changes and updates depend on the service provider. Make sure the roll-out and success of the product are in your hands.