Copy of Professional April 2024 (Sample)

FEATURE TOPIC

Time to talk tech

Technology is a topic which features heavily in any conversation around the present and future of payroll. So how can the profession ensure its impact is a positive one? Jerome Smail, freelance journalist, spoke to our panel of experts to share their views

This issue, Jerome spoke to:

● Vickie Graham DipM FCIM ACIPP, CIPP business development director
● Justyna Kwiatkowska ACIPP, payroll manager, Aston Shaw
● Julie Lally MCIPP, managing director – payroll, CIPHR
● Brian Sparling ChFCIPPdip, payroll services and compliance principal Europe, Middle East and Africa, Dayforce
● Hazel Tritschler MCIPP, head of people, organisation development operations and reward, The University of Manchester.

How can payroll face off the fraudsters and ensure the hundreds of thousands of pieces of data it regularly processes are protected?

Vickie Graham: Payroll holds a wealth of data which is valuable to an organisation, but it’s also valuable to fraudsters. Organisations could find themselves becoming victims of cyber-attacks, particularly ransom attacks relating to payroll data, if systems aren’t well protected. Although data security might be seen as the responsibility of information technology (IT) professionals, those working in payroll have a part to play and can support their IT colleagues in keeping payroll data safe. Some effective strategies which payroll can lead on are:

● implementing strong access controls – essentially restricted access to systems and data to authorised employees only. This is effective because the fewer people with access to the data, the fewer opportunities to ‘break into’ the systems and attack it. Multi-factor authentication (sending a code to another device to log in) is another effective layer of security, as the attacker would need access to that additional device in order to get through the security check

● encrypting sensitive data – don’t send payroll data via unsecured channels and ensure the data is encrypted. How often do we email payroll data files internally, or maybe even externally to benefit providers, for example? This poses a huge risk to your payroll data. Where possible, data files should be shared via a secure online portal. If this isn’t an option, files should be password protected with a strong password, which is then sent on a separate communication channel

● third-party security – we all use third-party providers and share data with them. It’s important to conduct relevant checks in relation to your suppliers to ensure they have the relevant security measures and protection in place to keep your payroll data secure. Are they ISO 27001 or Cyber Essentials Plus accredited, for example? Do they have a business continuity and disaster recovery plan? If so, how often is it tested? Most of us will ask providers these and many more questions when we engage with them, but how often do we check things are still up to date? It’s worth a periodic check with your partners to ensure these measures are still in place and a good idea to ask how they’re continually investing in data security

● regular reviews and training – make sure your policies and procedures are up to date, compliant with relevant data protection legislation and understood by your employees. Often, I hear that ‘people are the weakest link’ in data protection. Whether this is because of weak passwords, clicking links on

Professional in Payroll, Pensions and Reward | April 2024 | Issue 99
