Payroll is without a doubt one of the most confidential things that small and large businesses are responsible for managing. Should this data fall into the wrong hands, the consequences can be both far-reaching and detrimental. Knowing how to secure payroll processing is therefore essential, and the tips below show you how to do it.
How Can Payroll Be Compromised?
Payroll data includes information about your employees, such as their Social Security numbers, birth dates, home addresses and bank account numbers. Clearly, if this information is acquired by identity thieves or other criminals, it leaves both you and your employees vulnerable to payroll fraud and identity theft. Payroll can be compromised in two ways: internally or externally.
Your employees are arguably the greatest potential threat, since they have direct access to the information, particularly if they work in the HR department. Even employees who do not have access to payroll may still attempt to steal it from their co-workers. Even if you believe your employees can be trusted, research shows that small businesses are much more susceptible to payroll fraud than larger institutions. External threats involve criminals and groups that attempt to acquire information through phishing, malware or computer hacking.
How To Protect Your Payroll
Payroll should be processed in a secured room that only authorized employees have access to. The room should be locked and should have security cameras which show who enters the room and when. Restricting payroll to only a handful of employees means that, if the data becomes compromised, you can quickly narrow down the most likely culprits.
The computers which are used for payroll processing should be equipped with the latest firewalls and should be regularly updated. Any passwords which are used to secure the computers should be robust and should be changed regularly, and employees who have been recently terminated should be denied further access. Computers responsible for payroll processing must also use a professional, corporate-level anti-virus scanner to ensure they do not become infected. Every company computer should use filters for email spam, and employees should be kept up to speed on phishing schemes.
You will also want to regularly perform a payroll audit. An internal audit is one which is conducted by someone within the organization, while an external audit is carried out by someone outside the company. The purpose of an audit is to ensure the process and numbers are accurate. Employees must also be instructed never to share their personal details with others, even their co-workers. Some companies still maintain their payroll data in physical paper documents, and while these are protected from cyber thieves, you still have to worry about traditional theft. Therefore, physical payroll documents should be placed in filing cabinets which are locked and only accessible with certain keys. Only specific people should have keys to these cabinets, and a paper shredder should be used when physical documents need to be disposed of.