Professional April 2025

TECHNOLOGY

Payroll under siege

Payrollers are the gateway to the data; cybercriminals love you! So, Will Jackson MCIPP, Chief Executive Officer, C2 RISK, reveals the nature of such attacks and highlights the ways in which payroll professionals can start to protect themselves and their organisations

Payroll, the very engine which drives employee satisfaction and fuels the economy, has become a prime target for cybercriminals. Recent high-profile breaches involving outsourced payroll providers have exposed the vulnerabilities inherent in this critical function, emphasising the urgent need for robust data security measures. Phishing attempts are rife, ransomware is a constant worry and business email compromise attempts have become a growing threat to payroll teams. No longer is it a matter of if an attack will occur, but when, making a proactive, technology-driven approach to security and third-party risk management (TPRM) absolutely essential.

The ever-evolving cyber threat landscape

The digital landscape is in a constant state of flux, with cyber threats evolving at an alarming pace. The shift to remote work during the pandemic expanded the attack surface, as cybercriminals exploited weaknesses in home office environments. Now, businesses face a rising tide of sophisticated attacks, including:

Phishing

Phishing emails, disguised as legitimate communications from human resources (HR), finance or employees, trick unsuspecting staff into revealing sensitive information or clicking malicious links. According to recent figures, phishing accounts for a staggering 83% of breaches in the UK.

Ransomware

This malicious software encrypts payroll data, holding it hostage until a ransom is paid.

Business email compromise

Attackers impersonate executives or trusted vendors to trick payroll staff into making fraudulent payments or diverting funds.

1099 attacks

Exploits contractor data requirements to submit false payment forms and bank details.

One of the most concerning trends is the exploitation of vulnerabilities in file transfer software, enabling criminals to access the personal data of multiple companies' employees in a single, devastating blow. These breaches not only disrupt operations and erode employee trust, but also trigger a cascade of legal, compliance and data security issues.

Why payroll is the perfect target

Payroll's inherent characteristics make it a particularly attractive target for cybercriminals. The reasons payroll has a target on its back include:

Frequent external communications

Payroll teams regularly receive emails from HR, finance and employees requesting changes, creating opportunities for phishing attacks. The frequent nature of these emails lulls employees into a false sense of security.

Handles large financial transactions

Payroll teams authorise and process bulk payments, making them attractive to scammers. The high-value nature of these transactions incentivises cybercriminals to target payroll systems.

Systems and software connected to critical business infrastructure

Professional in Payroll, Pensions and Reward | April 2025 | Issue 109 | Page 46
