Why payroll security is even more essential now remote work is the norm
The COVID-19 pandemic is changing the way people work and do business. As governments worldwide impose compulsory community quarantines and lockdowns, many are turning to the internet to continue operating their businesses or doing their jobs. Teleworking is becoming the new normal with everyone expected to observe physical distancing to avoid the pandemic spreading.
Among other systems, payroll is one of the workflows worth examining amidst the changes brought about by the pandemic. As companies adopt remote work arrangements to avoid complete operational shutdown, those that have been manually processing their payroll need to find ways to adjust to the new situation.
Most companies are already using business software, but many still rely on spreadsheets to record and process their salaries and wages. In a recent article, payroll company Papaya Global shared that a majority of companies comprising 85 percent of the global workforce still process payroll manually through their payroll providers, leaving them vulnerable to cyber attacks. Some might already be using various business applications, but many still work with payroll providers that don’t use automation and haven’t implemented adequate security measures.
These companies typically submit their data to their payroll providers or banks through email. The data they transmit usually includes employee names, social security numbers, bank details, contact information, as well as ID card copies. This is sensitive information that should not be transmitted through such insecure channels. A breach of this data is a nightmare for Chief Information Security Officers (CISOs), especially for large organizations that handle information of employees across different countries.
The coronavirus pandemic further complicates matters and increases the risks. Companies whose existing employees get to work from home may not have a lot of changes to deal with. However, those that are new to hiring remote workers or independent contractors face new challenges. Similarly, companies that deal with professional employer organizations (PEOs) likely encounter changes that require modifications in the way they prepare their payroll.
Sticking to conventional systems is not only inefficient; it may also be incompatible with the new setup businesses have with remote workers, PEOs, and independent contractors in the picture.
How payroll can be a source of security breaches
To illustrate, several payroll attacks in varying forms have been recorded in recent times:
- 2016: A major payroll company became the victim of data theft and W-2 form phishing, exposing sensitive employee data to third parties.
- 2018: Another payroll provider fell prey to a phishing campaign, which led to a massive data breach concerning 111,000 individuals.
- April 2019: Hackers succeeded in infiltrating the City of Tallahassee’s payroll system, allowing cybercriminals to siphon nearly half a million dollars of government funds after redirecting employee payments to an account in a bank abroad.
- November 2019: Payroll data of more than 29,000 Facebook employees ended up in the hands of bad players when a hard drive was stolen in a car break-in.
- January 2020: Another high-profile payroll attack happened, this time concerning the Meadville Medical Center in Pennsylvania, exposing the personal data of employees and their dependents.
In February 2020, the FBI issued a warning on the increasing sophistication of cyber attacks targeting payrolls. In its Internet Crime Complaint Center report, the federal law enforcement agency highlighted how payroll is particularly prone to attacks carried out through email.
The FBI warning cites the rise of fraudulent emails used to trick payroll providers into exposing employee information or implementing adjustments in client accounts. For example, an attacker can send an email (pretending to be an employee) to a payroll department or third-party payroll provider to request a change in their direct deposit information. The payroll officer can be tricked into “updating” the direct deposit account details to a prepaid card account supplied by the attacker.
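The checks a payroll desk can apply before acting on an emailed direct deposit change like the one described above, as an added example that is not taken from the FBI report or from any payroll product. The employee directory, field names, account-type labels and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed employee directory: the e-mail address payroll has on file.
EMPLOYEES = {
    "E1001": {"name": "Dana Reyes", "email": "dana.reyes@example.com"},
}

@dataclass
class ChangeRequest:
    employee_id: str
    from_header: str       # raw From: header of the request e-mail
    new_account_type: str  # as recorded by the payroll officer (assumed labels)
    callback_done: bool    # employee confirmed by phone, using the number on file

def hold_reasons(req: ChangeRequest) -> list:
    """Return every reason the change must be held; an empty list means release."""
    record = EMPLOYEES.get(req.employee_id)
    if record is None:
        return ["unknown employee id"]
    reasons = []
    # Compare the actual address, not the display name: the display name is
    # free text and is what an impersonator sets to the employee's name.
    _display, address = parseaddr(req.from_header)
    if address.lower() != record["email"].lower():
        reasons.append("sender address differs from address on file")
    if req.new_account_type == "prepaid":
        reasons.append("new account is a prepaid card")
    # A matching From: address is not proof of identity (headers can be forged
    # and mailboxes taken over), so the callback is required in every case.
    if not req.callback_done:
        reasons.append("not confirmed by callback to number on file")
    return reasons

# Constructed requests: an impersonation, and a genuine change confirmed by phone.
SPOOFED = ChangeRequest("E1001", '"Dana Reyes" <dana.reyes@payroll-update.example.net>',
                        "prepaid", False)
GENUINE = ChangeRequest("E1001", "Dana Reyes <Dana.Reyes@example.com>",
                        "checking", True)

if __name__ == "__main__":
    for name, req in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, hold_reasons(req) or "release")
```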
The need for better payroll security
So how does the COVID-19 pandemic aggravate payroll-related cyber threats? The answer can be summed up in two words: unfamiliarity and volume.
With more workers and businesses now online, the risks in payroll processing increase. As enumerated above, the attacks are not limited to hackers breaking into bank accounts and transferring funds online. Cybercriminals employ various ways to gain access to information from finance departments or defraud payroll providers, especially those that continue to rely on manual and unencrypted systems.
The large volume of information exchanged online can create vulnerabilities that aid social engineering attacks. With payroll providers dealing with a surge in transactions and unfamiliar work arrangements, there is a tendency to get confused and become less meticulous in handling records.
Cloud-based platforms for improving payroll security
The risk of data theft or loss via payroll systems underscores the need for higher security in this space. This means that businesses will need to comply with higher standards, privacy policies, and safe communications procedures.
The rise of software-as-a-service (SaaS) payroll solutions is a boon to companies that have to deal with the new challenges in the pandemic-afflicted new norm.
SaaS payroll systems like Papaya Global don’t require companies to install, maintain, and update software. Everything is managed by the service provider and comes with expert technical assistance. These end-to-end solutions allow companies to focus on hiring, onboarding, managing, and paying their employees. There is no need to undergo intensive payroll training and become cybersecurity experts.
Additionally, Papaya Global is designed to interface with existing payroll suppliers, allowing companies to continue working securely with their current payroll providers and establishing a centralized solution for managing payroll on a global scale. Payroll security has considerably improved with the help of automation. Without manual data inputs, there’s nothing for hackers to intercept.
It’s also worth pointing out how modern payroll systems take software regulations seriously. In the case of Papaya Global, for example, it complies with the General Data Protection Regulation (GDPR) and System and Organization Controls Report 1 (SOC 1). It is also ISO/IEC 27001 certified, which means that it has a top-notch information security management system.
The sudden rise of remote business and worker activity has created scenarios and challenges that require adjustments in business management workflows, payroll included. It’s necessary to pay more attention to payroll security because most businesses are still familiarizing themselves with the new norm in work arrangements and are coping with the surge in transactions. Cyber criminals are drawn to the vulnerability-inducing chaos and confusion, so businesses need to step up how they protect against attacks.
Peter Davidson works as a senior business associate helping brands and startups to make efficient business decisions and plan proper business strategies. He is a big gadget freak who loves to share his views on the latest technologies and applications.