The 5 biggest threats to your payroll security (and how to guard against them)



The increased connectivity of payroll processing has transformed the reactive model of years ago into a tool that can aid productivity, adapt and grow with companies and meet the needs of a workforce on the move. But as the latest Norton Symantec Internet Security Threat Report demonstrates, too many companies are failing to take the simple steps to protect their payroll – and their corporate systems in general – from attack.

Here are 5 of the biggest contributors to corporate exposure, which coincidentally have 5 of the simplest fixes.

Your passwords are still too weak

Attackers are using our own fallibility against us, and we’re making accessing our data far too easy. How? Through our passwords. We all now have so many passwords that, despite knowing the risks, we opt for replicating simple passwords from elsewhere in our lives.

Unless systems and policies enforce security (for example, by requiring frequent password changes), passwords will remain a point of exposure for companies and individuals across every system, from time management and payroll to HR, sales and ops.

The Symantec Report states that to be strong, a password should feature at least 8-10 characters, include a mixture of letters and numbers, and should be changed every 90 days.

Your users remain naïve

Just because an email or social media post appears to be from a trusted friend, colleague or the payroll department doesn’t mean it is. The Symantec report recommends educating staff against clicking on unexpected links and opening files that haven’t been scanned for viruses.

Your system is compromised by removable media

Removable media, as the name suggests, includes the smartphones, USB drives and external hard drives which can be used, maliciously or entirely unwittingly, to introduce viruses to corporate payroll (and other) systems.

The Symantec Report recommends that, where practical, unauthorized use of removable media should be restricted, and that where removable media is permitted, all devices should be automatically scanned upon connecting to the network.

Back up critical systems

Most organisations make backups. But not enough companies carry out reviews of those backups to confirm that, as processes change and businesses grow, they are backing up the right things at the right times.

The Symantec report recommends regularly reviewing backup processes, making regular backups, and keeping them somewhere accessible should they be needed.

Your employees’ mobiles are not secure

Every day, more and more work-based apps are launched, many of them time management or payroll based. As more companies encourage a BYOD (bring your own device) policy, it’s worth noting just how insecure most mobiles remain.

While we are becoming more aware of the information apps can gather about us, a 2013 McAfee report revealed 36% of us don’t even lock our phones, and 30% of us (mainly men) helpfully place our passwords in a notes app.

The Symantec report recommends companies adopt a minimal security profile for any devices that are allowed access to the network, and ensure all employees and devices adhere to the policy.