COMPLIANCE
Let’s talk cyber-security
Cyber-attacks within the payroll profession have been thrust into the spotlight of late. Whether attacks on third-party software, or targeted attacks on the providers themselves, the impact has been felt across the entire payroll industry. Here, Vickie Graham DipM ACIM ACIPP, business development director, the CIPP, provides a recap of a recent roundtable held to discuss this topic
On 29 June, we hosted a cyber-security roundtable, bringing together experts in cyber-security from a variety of payroll providers, risk management solutions and in-house payroll professionals, who’ve had first-hand experience of the impact of cyber-attacks on payroll departments. This was held with the aim of producing guidance for CIPP members and the wider payroll profession. The roundtable covered three key questions:
• what can be done to protect payroll systems and data?
• which questions should payroll professionals be asking their supply chain?
• how should payroll respond if, and when, an attack happens?

"Understanding this business risk and being able to communicate at a senior level regarding protocols you have in place will position payroll as a key strategic partner within your business"
It’s important to acknowledge that although the risk of attacks can be managed, it cannot be completely removed and therefore, as payroll professionals, it’s important we mitigate as much as possible, but also prepare for what could happen. Recognising cyber-security isn’t solely an ICT issue; understanding this business risk and being able to communicate at a senior level regarding protocols you have in place will position payroll as a key strategic partner within your business.

What can be done to protect payroll systems and data?

The reality of payroll data is that it contains personal data relating to every single employee within a business. If that data is compromised, it creates mass disruption for a business. It’s also an extremely valuable commodity to ransom, which is an increasing threat to businesses. To limit this, think about the data you hold:
• what data do you store and process on your systems?
• who has access to that data? Consider both internal colleagues and external third parties and how data is shared
• do you have certain data elements restricted based on seniority or business need?
• what are your data retention policies?
• are you ensuring you’re only storing data for the time it’s needed and that it’s being removed when no longer required?

The roundtable highlighted that, after incidents where both current and former employees have been impacted, there have been lengthier repercussions as communicating with past employees has been challenging. So, think about how long you retain data on previous employees and what it’s used for.

Where are your back-up data files? Back-up files are also at risk and should be stored on a separate server, so if your main system is compromised your back-up files aren’t and can support your disaster recovery.

One of the most important risk mitigation areas regarding cyber-security is training. It’s widely accepted that the most successful attacks are down to a user clicking a malicious link, or through data being shared in an unsecure format. Gartner predicts that, “By 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents”. Therefore, it’s important to ensure your employees are trained on cyber-security and your processes for sharing data, to limit this risk to your business. The CIPP has recently launched its Cyber-security hub online, which provides guidance and
Professional in Payroll, Pensions and Reward | September 2023 | Issue 93 | Page 24