Confessions of a payroll manager – 1, 2, 3, 4, 5, once I caught a phish alive…
Another anonymous episode revealing the world of payroll featuring payroll avatar, Penelope Fortham (‘Penny’), who is payroll manager at the nation’s favourite biscuit makers Crumbitt’s Confections. T here are few things that keep me awake at night: sinkholes; AI takeover; climate catastrophe; the BACS not processing properly and sending thousands of pounds to the wrong account; and falling victim to an information security scam. When we started using emails at work, I remember receiving the occasional request from a Prince in Nigeria asking if he could put £1,000,000 in my bank account for safe keeping. Sometimes I might receive a ‘gift’ of £257,000 but only if I sent my bank details to ‘Paradise Brown’ within the next five days. Fraudsters have got much more sophisticated of late, and recently I was very deceived by an email with an ‘important’ attachment on it supposedly from HMRC. So, I thought it might be time to update my and the team’s internet security training. To ensure I wasn’t teaching the team to suck eggs (well, it could be that only I was behind the times) we had a brief meeting to evaluate where we were all at. When my speech about phishing and whaling descended into a massive conversation about the difference between fish farms and deep-sea fishing, I knew we had a way to go. There was a brief moment when I felt very old. I’d told the team that the biggest security risk when I first started in payroll was the handling of cash that came from the bank to make up the wage packets. As the youngest members of the team allowed their eyebrows to ascend into their hairlines, I realised that many were not aware of cash
wages at all and had been brought up in a world where salaries are only moved around digitally. So, with the team’s lack of knowledge confirmed, I organised an external trainer from ‘Action Fraud’ to come and lead a day’s workshop. Mr Crumbitt came along – he loves a training day, and the associated catering – as well as a few other members of staff from the factory. Everyone was quite shocked that a biscuit factory could be a target of information security scammers but we were told Crumbitt’s is exactly the sort of company targeted. As part of the course Mr Crumbitt had to engage in a bit of role play; well, he played himself, but he had to pretend to call payroll and ask for his bank details for be changed. Evie, on the receiving end of the call, was so anxious about everyone watching her she just accepted the request and blurted out all the ‘fake’ details she’d been told to keep safe. After we’d calmed Evie down with some biscuits (Crumbitt’s Cookie Pizzas are slowly turning into a fool-proof way of settling upset staff) the trainer explained correct procedure, including double authentication, with Jace repeating the exercise using the new information. Obviously, Jace aced it but I think we all felt overawed at the amount of responsibility the team have – and the potential dangers when things go wrong. After lunch – when Mr Crumbitt, tummy full, apparently had an ‘emergency’ to attend and departed – there was a talk from Action Fraud: Investigation Team. It all sounded rather ‘James Bond’ until they played a bit of a ropey instructive video narrated by the legend Dominic Littlewood. It’s hard to maintain a picture of Daniel Craig leaping down the side of a mountain when you’ve
got a cheeky cockney winking at you from the screen. To be fair, it was genuinely fascinating (ropey video and all) and we were all taken aback when they showed footage of police breaking up operations where there were rooms full of individuals trying to trick payroll departments in to changing bank details. Going quietly to get our afternoon coffee the team was rather subdued. The threat now seemed very real and we were thinking even more seriously about our responsibilities. Thankfully, as with all good training sessions, we came away with a set of actions for how we could make operations more secure: always checking personal information when somebody calls; confirming personal detail changes via a phone call to the works number; and, more importantly, always undertaking regular training. Later, the team and I chatted and reflected that the modern world in which payroll operates can be quite scary. The risk is global, as it could come from anywhere; which seems a long way removed from a biscuit factory. Still, we were a team, we’d had our training and were aware of the dangers. We could never be complacent – but then you never stop having to learn about payroll and not just the how you do it but also around the environment it operates in. If anyone ever says they know everything about payroll be cautious – they might just be scamming you! o The Editor: Any resemblance to any payroll manager or professional alive or dead, or any payroll department or organisation whether apparently or actually portrayed in this article is simply fortuitous.
| Professional in Payroll, Pensions and Reward | October 2019 | Issue 54 56
Made with FlippingBook - Online magazine maker