Payroll Security Holes and How to Close Them

The payroll department has always required a heightened level of security. Couple the sensitivity of the information being handled with the rise in the use of software as a service (SaaS) human resource information system (HRIS) options that steadily grow and improve, and getting your arms around payroll security can feel almost daunting.
It’s understandable that payroll managers have real concern over cloud-based solutions that allow users to log in from any device. Allowing access from unknown IP addresses opens up the risk of outside hackers or employees with less than honorable motives. The most significant concerns center around information breaches and identity theft, and it’s important to know what measures can mitigate those risks as much as possible. Here are some of the largest payroll security holes and how to close them.
Access
Being a payroll employee, or having access to payroll information, is a privileged position. Companies should have strict guidelines for access to payroll data. Employees outside of the department should not have access to any information but their own. Additionally, with so many organizations using third-party vendors to process their payroll, it’s critical to understand the measures your vendor is taking to ensure that your data is secure. Fully understand the precautions they are taking to keep your payroll information safe.
Electronic Security
The choice of the software you use and your company’s electronic security are critical components of payroll security. You likely already know that you need a firewall to protect all of your systems and your databases. Another level of protection internally is to ensure that every computer is password protected. Have a standard, company-wide process for changing and updating passwords regularly and be sure that your information technology (IT) department is conducting regular security checks of all systems.
External Requests
One of the functions a payroll department spends its time on, especially within larger organizations, is taking requests from external parties, for example from creditors and mortgage companies or other companies looking to check past employment of a former employee. When someone calls, there is no way to verify who is doing the calling. Your payroll department should have a standardized process for handling these requests in writing, and every payroll employee should be trained in that process.
Physical Environment
Access to any filing cabinets with potential payroll documents should be limited to those payroll employees required to handle them. Also, payroll employees should have their computer screens positioned away from the eyes of anyone walking by, and the door on the department itself should stay locked. If your business needs to use offsite storage, be sure that it is highly secure and only accessible to authorized employees.
Document Disposal
Too many documents on hand open you up to more risk. Do your best to limit your documents to those needed for tax and auditing purposes. When it’s time to purge paperwork, be sure to use a secure shredding process, and again, utilize established guidelines that all employees use each time.
Disaster Recovery
You’re going to do your utmost to keep payroll information as secure as possible. In the case of a security breach, however, be sure that you have a disaster recovery plan in place including automated backups to a secure location. This will minimize the amount of time your system is inaccessible and will help re-secure your data as soon as possible. Be sure that you have a process outlined in writing and in the cloud so that each employee knows their role and can access the documents for reference should such an event occur.
Work with your HRIS vendors, IT departments, payroll, and human resources (HR) leadership to ensure that you have secured a physical environment, limited access to payroll data to only those employees requiring it, strengthened your electronic security, and established processes in place.
As we continue making a move to cloud-based systems and employing more third-party vendors to process data or work with our software, it’s critical that we have measures in place to protect our sensitive payroll information.
***
Jessica Barrett Halcom is a writer for TechnologyAdvice.com, with specializations in human resources, healthcare, and transportation. She holds a bachelor’s degree from the University of Wisconsin, Green Bay and currently lives in Nashville, TN.
