
Payroll Security

What is Payroll Security?

Employers retain enormous amounts of highly sensitive information about employees and their dependents, including names, addresses, phone numbers, email addresses, Social Security numbers, government IDs, licenses, financial account details, legal records, and sensitive health information. This makes payroll an attractive target for cyberattackers, but payroll is also a target for fraud committed from inside the organization.

Cyberattackers typically go after online benefits or payroll systems, where they divert either a single large transaction, such as a retirement fund payout, or many smaller ones, such as regular payroll deposits. The diverted funds land in accounts the attacker controls and are withdrawn quickly, before the financial institution can intercept them. Attackers are also likely to steal the stored personal data itself, either to extort the organization in a ransomware attack or to sell it directly on the dark web.

Payroll fraud is a type of insider threat committed by employees. Types of payroll fraud include:

Buddy punching. Buddy punching occurs when an employee asks a coworker to punch in for them and then does not actually report to work.

Ghost employees. Ghost employees are either fabricated employees or former employees who were terminated but never removed from the payroll system; the fraudster alters the direct deposit record so that the pay goes to an account they control.

Advance retention. Advance retention occurs when an employee requests a pay advance and then fails to repay it.

Expense reimbursement. Expense reimbursement fraud occurs when employees claim reimbursement for expenses that are inappropriate or inaccurate, such as personal purchases or inflated amounts.

Protect payroll data from inside and outside threats by:

Training employees on cybersecurity. Most employees do not have access to payroll data, but a breach they cause, for example by falling for a phishing email, can still expose it. Train employees to recognize phishing and other suspicious activity.

Limiting payroll access. Ensure that only the people who need payroll access to perform their job duties have it, review those access rights periodically, and make sure those employees receive rigorous security training.

Protecting against insider threats. To minimize the risk of insider threats, conduct background checks; lock computers, doors, and documents; keep computer screens out of line of sight; conduct both payroll audits and payroll security audits; and use biometric timeclocks, which defeat buddy punching.

Strengthening credentials. Use strong, unique passwords, change them promptly whenever compromise is suspected, and require multi-factor authentication for every account that can view payroll data or change direct deposit details.

Removing old employee data. Retaining data on former employees creates two payroll risks: ghost employees and a larger pool of sensitive records exposed in a breach. Federal and state laws dictate how long employee records must be retained, so remove the data only after those retention requirements are met; in the meantime, make sure terminated employees are deactivated in the payroll system so they can no longer be paid.
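One way to put the payroll-audit and former-employee checks above into practice is a small reconciliation script run against each pay cycle. The following is an added example, not code from the original page: it runs over constructed HR and payroll records and flags payees who are missing from HR, paid after their termination date, sharing a direct deposit account with another payee, or whose deposit account changed since the previous run. The record layouts, employee IDs, and account numbers are assumptions made for illustration.

```python
"""Ghost-employee audit over constructed payroll and HR records.

Added example, not code from the original page. The roster, payroll run,
previous-run accounts, and pay period below are all constructed sample data.
"""
from collections import defaultdict
from datetime import date

# Constructed HR roster: employee id -> (name, termination date or None)
HR_ROSTER = {
    "E100": ("Alice Moss", None),
    "E101": ("Bob Tran", date(2023, 11, 30)),   # terminated last quarter
    "E102": ("Cara Diaz", None),
    "E103": ("Dan Ross", None),
}

# Constructed payroll run for one pay period:
# (employee id, name, direct deposit account, net amount)
PAYROLL_RUN = [
    ("E100", "Alice Moss", "ACCT-1111", 3200.00),
    ("E101", "Bob Tran",   "ACCT-2222", 2900.00),   # still paid after termination
    ("E102", "Cara Diaz",  "ACCT-3333", 3100.00),
    ("E103", "Dan Ross",   "ACCT-3333", 2800.00),   # same account as Cara
    ("E999", "Pat Smith",  "ACCT-9999", 2750.00),   # not in HR roster at all
]

# Constructed deposit accounts as recorded in the previous pay run
PREVIOUS_ACCOUNTS = {
    "E100": "ACCT-1111",
    "E101": "ACCT-2020",
    "E102": "ACCT-3333",
    "E103": "ACCT-4444",
}

PERIOD_START = date(2024, 1, 1)


def audit_payroll(roster, run, previous_accounts, period_start):
    """Return a sorted list of (employee id, finding) tuples for suspicious payees.

    Checks performed:
      * payee absent from the HR roster            (fabricated ghost employee)
      * payee terminated before the pay period     (not removed after termination)
      * deposit account changed since the last run (altered direct deposit record)
      * deposit account shared by several payees   (funds routed to one fraudster)
    """
    findings = []
    by_account = defaultdict(list)

    for emp_id, _name, account, _amount in run:
        by_account[account].append(emp_id)

        if emp_id not in roster:
            findings.append((emp_id, "paid but not in HR roster"))
            continue  # no HR or history data to compare against

        _, terminated = roster[emp_id]
        if terminated is not None and terminated < period_start:
            findings.append((emp_id, f"paid after termination on {terminated.isoformat()}"))

        previous = previous_accounts.get(emp_id)
        if previous is not None and previous != account:
            findings.append((emp_id, f"deposit account changed from {previous} to {account}"))

    # Any account receiving pay for more than one employee is flagged for each payee.
    for account, ids in by_account.items():
        if len(ids) > 1:
            for emp_id in ids:
                others = ", ".join(i for i in ids if i != emp_id)
                findings.append((emp_id, f"deposit account {account} shared with {others}"))

    return sorted(findings)


if __name__ == "__main__":
    for emp_id, finding in audit_payroll(HR_ROSTER, PAYROLL_RUN, PREVIOUS_ACCOUNTS, PERIOD_START):
        print(f"{emp_id}: {finding}")
```

Each finding is a lead for a human reviewer, not proof of fraud: a legitimate account change or a final paycheck after termination will also trip these checks, so the point is that every flagged line has to be explained before the run is approved. In practice the HR roster should come from the system of record rather than from the payroll application itself, since a fraudster with payroll access can edit both sides if they live in one place.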