Payroll security involves taking steps to ensure that sensitive company and employee information aren’t compromised by employees or outside actors, like hackers. Common sources of payroll security issues include time sheet fraud, pay rate alterations, and data breaches—though the exact nature of these problems varies by the type of business.
If you take some important steps to safeguard your business’ data, it’s possible to create a secure payroll system using software or a third-party provider.
1. Train Employees on How to Use Your Payroll System
Training all new and current employees on the proper use of your business’ payroll system helps everyone understand built-in security features. It’s also an opportunity to train relevant employees on additional steps that must be taken to protect company data and employee records, such as Social Security numbers, addresses, and other sensitive information. For that reason, payroll training efforts should clearly describe your company’s procedures and make sure all relevant employees have access to them.
To maintain employee training goals and uphold payroll security standards, schedule additional training sessions whenever the software is updated or a procedure changes. Business owners can also strengthen payroll security by keeping an eye out for ways employees may cut corners and bad habits that form around payroll security procedures.
2. Include Payroll in the Business’ Security Measures
Just as your business’ payroll procedures should be published in relevant training materials, payroll security is an important part of the business’ security measures. Including payroll processes in your security strategy makes relevant policies accessible to employees and makes it easier to integrate all of the company’s security measures and avoid gaps or other weaknesses. Helpful internal measures that can combat payroll fraud include:
- Conducting background checks before hiring new employees
- Limiting how many employees have access to employee personal information
- Engaging an automated clearing house (ACH) filter to prevent unwanted parties from accessing your business’ bank account
- Encouraging employees to use direct deposit instead of printed checks, which are more susceptible to payroll fraud
3. Update Your Payroll Software Consistently
Whether it’s an app on your phone or the system your business uses to manage payroll, outdated software exposes you to a number of security threats, including hackers. For that reason, one of the best ways to tighten your business’ payroll security is to update your payroll software immediately after those updates become available. These updates are especially important when released in response to known data breaches or other security issues.
You can keep software up to date by providing clear update requirements in your company’s payroll and security procedures. Likewise, if employees need to update the software on their individual devices, communicate this in a timely fashion, provide clear instructions, and follow up to confirm the updates are completed.
Business owners who work with a payroll provider should also confirm that the vendor automatically applies all software updates—rather than requiring manual updates at the individual company level. Finally, if you’re not comfortable with the extent of security measures offered by your current payroll system or third-party provider, consider switching to another option.
4. Require Users to Update Their Login Credentials Regularly
In addition to updating your company’s payroll system itself, take steps to require that employees update their passwords on a regular basis. Generally speaking, it’s best to update passwords every 30 to 90 days, though the frequency ultimately depends on the unique needs of your business and the likelihood of a password breach. This requirement should be clearly stated in the company’s security procedures and as part of payroll system training.
Regular password changes don’t protect against every threat to payroll security, but the approach can still be an effective strategy—especially when combined with other security measures. Keep in mind, however, that according to the Federal Trade Commission (FTC), employees who are required to frequently change their login credentials may be more likely to choose weak passwords or replace them with related passwords. Combat this by providing employees comprehensive password guidelines regarding length, composition, and uniqueness.
5. Apply Separation of Duties
Separation of duties is a human resources and information technology principle that can help tighten payroll security while also reducing errors. In the context of payroll security, businesses are more likely to have security issues if a single person is performing every stage of the payroll process. This is because people are typically less likely to access or steal sensitive information if they think someone else will be reviewing their work and other activity. And in many cases, not having access to multiple systems makes it impossible to commit payroll fraud.
As an example, some businesses opt for one employee to manage time cards, have someone else handle payroll, and have a third employee issue the checks. Not only does this structure discourage employee fraud, but it also reduces the likelihood of errors. The more employees who are required to review elements of your business’ payroll process, the fewer mistakes are likely to impact operations.
6. Limit the Information You Print on Checks
Including too much employee information on checks exposes your business and its employees to significant threats to payroll security, from phishing and social engineering scams. The more you print on checks, the more sensitive information is stored in your payroll software and the more susceptible you may be to a devastating and potentially expensive data breach.
Instead of printing details like employee Social Security numbers, addresses, or identification numbers on checks, limit information to the bare necessities like the employee’s name. Likewise, if you use a third-party vendor to handle your business’ payroll needs, make sure it is taking steps to maximize security and issue payments safely.
7. Utilize Features to Reduce Time Theft
It’s estimated that time theft—or time sheet falsification—impacts around 75% of businesses each year. This breach of payroll security involves employees intentionally misrepresenting the amount of time they worked in their time sheets. Luckily, payroll systems offer a range of features intended to reduce the incidences of time theft.
If you’re still shopping for a new payroll system or payroll provider, look for options like Gusto that include security features like user authentication. Gusto offers multi-factor authentication to help confirm the identity of the person signing into an account, and you can start using it for free.
Other features you should consider are shift rules that limit when employees can clock in and out and ways to identify time entries that appear inconsistent with typical logs. If you’re already using a payroll system, contact your customer support representative to determine what kind of tools are available to safeguard time sheet reporting in your business. There are also stand-alone time and attendance systems available.
8. Consider Security When Offboarding Employees
Losing an employee is rarely ideal, but it can be even more harmful if your business’ payroll system is susceptible to security threats from former employees. Most often, security breaches related to former employees occur when an employee who resigned or was fired accesses sensitive employee information. However, insufficient offboarding measures can also result in ghost employees that remain on payroll after they’ve left the company.
To reduce the likelihood of threats to payroll security, recover any company assets such as security credentials and laptops from the employee on their last day. Furthermore, ensure there are processes in place to remove former employees from the payroll system and change login credentials for former payroll employees to prevent unauthorized access.
9. Conduct Regular Payroll Department Audits
Payroll audits help business owners prevent or minimize fraud and embezzlement threats while also ensuring payroll processes comply with tax and labor laws. In general, you should conduct a payroll audit at least annually, but quarterly or monthly mini audits can provide more comprehensive insights into the health of your payroll system. When conducting a payroll audit, take important steps, like:
- Confirming employee information, including pay rates and pay periods
- Spot-checking 5% to 10% of your employee W-4 forms to look for possible systemic issues
- Comparing hours in payroll records to hours reported on timecards
- Running a ledger report that shows every transaction in your company to ensure it aligns with payroll records
10. Outsource Your Payroll Process
If you’re a busy business owner, it can be difficult to dedicate the time and energy necessary to maintaining a secure payroll system. Likewise, you may not have room in your budget to hire full-time HR or payroll specialists. Hiring a third-party payroll provider can help you save time while ensuring your company is protected by comprehensive security measures.
That said, when outsourcing your payroll, there are a few important considerations to help you find the most secure provider. Follow these tips when choosing a payroll solution:
- Ask about security features incorporated in employee time tracking processes
- Confirm that there is a secure way for employees to access their payroll history
- Research the provider’s reputation, including its handling of security issues
- Understand the services offered by each provider and how they will integrate with your business’ other security measures
- Balance your budget and your business’ payroll needs against the importance of a secure and reliable payroll provider
Whether you work with a third-party payroll provider or handle payments in-house with software, payroll security is an integral part of paying employees. Payroll systems typically have security features built in, but there are a number of steps that you can take to protect your business from threats like falsified time sheets and data theft.