Why you are the greatest risk to your payroll data’s security

Aug18


We don’t mean you specifically of course, but with GDPR now in force and security and encryption improving constantly, the common denominator in payroll data security breaches is likely to remain human error.


In 2014, a former employee of Morrisons leaked the payroll and salary information of thousands of the supermarket’s employees. In 2016, the payroll data of some Snapchat employees was leaked when an employee mistakenly responded to a phishing email. Earlier this year, the payroll details of hundreds of agency workers at Jaguar Land Rover were shared amongst staff, detailing disabilities, disciplinary records and sick days, as well as indicating which staff were likely to be made redundant.

What connects these and similar incidents which seem to be occurring almost weekly? They don’t appear to have been caused by the technology. True, the technology may have created the landscape for the error (or malicious act) to take place, but it’s not the tech that’s to blame; it’s invariably the people. The worry is that there’s just so much potential for mistakes to be made:

Breach by intention

How can you stop a disgruntled employee taking revenge by leaking payroll information? It’s not easy, but too many payroll systems create an environment ripe for abuse. According to one report, around 40% of companies still manipulate payroll data in Excel and many retain all payroll functions in-house. Outsourcing payroll and using cloud-based systems to transfer data limits a disgruntled employee’s access to huge volumes of data, and their ability to publish it.

Breach by trickery

Phishing emails (of the sort you’ll receive purporting to be from your bank) are becoming increasingly sophisticated, and it’s perhaps only reasonable to assume that at some point one email will dupe one person within your organisation into sharing payroll information they shouldn’t.

You can, however, limit the potential for errors by increasing security measures with improved authentication and password management. And again, when you send less payroll information by email, there’s far less risk you’ll be duped into sending it to a rogue address.

The passive breach

Last week, I was having a conversation with a colleague about holiday destinations. They mentioned Croatia as a must-visit and I enthusiastically promised to look into it before promptly forgetting all about the conversation. Two days later my phone presented me with Airbnb options in Croatia.

There are far more ways for our devices to listen to us than ever before. You may find Siri sending you a handy reminder about a holiday endearing. But your Echo Dot, your TV or your child’s internet of things-enabled toy isn’t discriminating about what it listens to. Its security is variable. And our understanding of how to control and filter such devices is even more variable. Despite the prominence of data breaches in the headlines recently – most notably with Facebook – few people change the default settings of their device.

Of course, it’s unlikely you’re going to reveal vast swathes of payroll data in a conversation, but you could say enough with a listening device in the vicinity to trigger more phishing emails, which could increase the levels of risk.

Outsourcing payroll can immediately reduce the risk of your payroll data getting ‘out there’. If you’d like to find out more, talk to our experts now.