Auto-renewal for 2025 licences is now in process, and we’re experiencing higher-than-usual wait times on our phone lines. For FAQs, visit this link.


Nov 2022

30

Security alert! 5 steps to protect your payroll data

Cyber-security is a serious matter and should be at the forefront of any business. This is especially important for accounting firms and payroll bureaus as they process sensitive personal and financial data. Almost everything is stored online and accessible at your fingertips, so just how safe is your clients’ payroll data and their employees’ payslips? Here are five simple steps you can implement to start improving the security of your payroll data today.

 

Where is your payroll data stored?

When you process your clients’ payroll, do you know where the data gets stored? A recent study by IPASS and Intelligo showed that 14% of Irish payroll processors don't know where their data is stored. Whether it’s stored to an external hard drive or on your computer’s hard drive, either of these options can pose security threats. What would happen if your laptop was stolen? Or if your computer was hacked? It’s important more than ever nowadays to store such data on a platform that has both the credibility and reputation behind it, to ensure your clients’ payroll data is kept safe and secure at all times.

On top of that, are your clients' employees' payslips as secure as they could be? For example, do you manually send them via email or print them out in the office? These can both pose security risks and could result in a data breach. From emailing a payslip to the wrong person, to someone around the office viewing a payslip without the employee's expressed permission.

 

Store important payroll reports out of harm’s way

Payslips aren’t the only thing bureaus and accountants should be worried about. Payroll reports also contain sensitive data, that if exposed to the wrong person, could have detrimental effects. There are users across the internet who are constantly trying to access such information too. For example, for Irish payroll processors:

  • 31% have received correspondence from people impersonating employees
  • 26% have been targeted in phishing scams
  • 57% feel they have been targeted in some way

 

Let clients’ employees access their data themselves

We are all human and we all make mistakes. Have you ever sent the wrong payslip to an employee, or sent an email to the wrong client? All it takes is one click or one download to expose your client’s data to the wrong users. That’s why one of the best ways you can improve security is by letting clients and clients’ employees have more access to their own payroll information.

Did you know that 7% of enquiries from Irish employees are to check their holiday balance and 10% are because they have forgotten the password for their emailed payslip? Introducing a tool to clients such as an employee app can allow their employees to access payslips 24/7, which aligns with GDPR best practices and saves you time in the long run as you no longer need to deal with such enquiries.

 

Have better support in place for hybrid working clients

Now that 18% of payroll processors are working either remote or hybrid models, this leaves more risk for data such as payslips, employee details and other sensitive information to be sent to the wrong emails or exposed to the wrong people. Putting a system in place that can prevent these data breaches can help boost the security of your clients' payroll data and save your bureau’s reputation.

An example of such a system could be letting clients enter any updated payroll information to a secure online portal, each pay period. This allows the client to securely enter their employees’ hours, any additions or deductions, add any new starter details, for that pay period. It’s all done through an online portal too, where the client can enter these details from anywhere. This reduces the likelihood of clients’ payroll data being exposed to unauthorised users via email, WhatsApp, or paper-based files laying around the office.

 

Follow GDPR best practices

If you’re wondering does sending an employee’s payslip to the wrong email address count as a data breach, the short answer is yes. GDPR breaches are more common than you may think, and regardless of whether you’re aware of it or not – every business across the nation is at risk. For example, in 2020, Tusla became the ever first Irish company to be given a fine for a GDPR rule breach and it cost the company €75,000.

Data breaches range in severity and not only threaten your client’s payroll data safety, but also your bureau’s reputation. Here are some common examples of data breaches:

  • Sending one of your client’s reports to another client, without their expressed permission
  • Your computer gets stolen and client information is leaked to unauthorised third parties
  • Staff’s personal information is altered without their expressed permission

Letting staff have more control over their personal data, by using tools such as employee apps, and providing clients with transparency on where and how their data is stored aligns with GDPR best practices.

 

Which payroll software is best for security?

All of the issues mentioned above can be dealt with by using BrightPay’s cloud extension, BrightPay Connect. With BrightPay Connect, your data is backed up to a secure Microsoft Azure server, where your clients and their employees have access to their own data through a self-service employer dashboard and a self-service employee app. You can also:

  • Automatically back up clients’ data, while you work
  • Provide clients access to a payroll and HR portal, where their employees can access payslips and HR documents securely from their smartphones
  • Integrate your payroll software with a wide variety of accounting software and pension providers

BrightPay is a multi-award-winning payroll software and one of Ireland’s leading providers of payroll software for accountants. Why not sign up for a free 15-minute demo of our cloud extension, BrightPay Connect, to see how it can improve your online security today.