When you run payroll, you handle a lot of confidential and sensitive information. If your business’s payroll information ends up in the wrong hands, it can be devastating for your employees and business.
You must have a secure payroll process at your business.
Payroll contains a lot of information about your employees: home addresses, Social Security numbers, dates of birth, bank account numbers, pay rates, and more. It also contains information about your business, such as your business bank account.
Someone can use your payroll information to steal employee identities and steal from your business.
If you don’t secure your payroll, you could accidentally compromise the privacy of employee information. And, someone could commit payroll fraud without you noticing.
You need to do everything you can to protect payroll data. You must know where threats might come from and how to stop them.
Where do payroll threats come from?
There are two main places payroll security threats can come from: inside and outside your business.
Your employees can pose a threat. Employees who have access to your payroll might try to steal money. Employees might also try to steal information about other employees. They might want to compare wages or even steal someone’s identity.
Even if you know your employees well and trust them, you might still be at risk. Payroll schemes are twice as common at small organizations than at large ones. And, payroll fraud goes unnoticed for an average of two years, meaning your trusted employees might steal money and information without you realizing it.
People outside of your business might try to steal information and money, too. They might hack your computers, use malware, or send email phishing attempts.
You must have protections on multiple fronts to keep a secured payroll.
How to create a secure payroll
Payroll can involve both technology and paper documents. You must secure both of these. You also need to create procedures and rules to protect your payroll. Find out below how you can implement payroll security procedures to secure your payroll.
To protect your payroll, you must set up payroll internal controls.
Run payroll away from your employees. They shouldn’t accidentally see private information. If you can, run payroll in a separate room. If you don’t have a private room where you can run payroll, try to run payroll in an area where employees can’t see your computer screen or paper documents.
Instruct employees not to share personal information with each other. They shouldn’t show each other their personal payroll documents or identifying information.
Regularly conduct a payroll audit. You can do an internal audit (you or someone inside your business does the audit) or an external audit (an outside party does the audit). Audits help you make sure your payroll numbers and procedures are accurate.
If an employee runs payroll for your business, consider separating duties to secure payroll. Large businesses normally have several people involved in the payroll process, but you should try to have at least two. Having multiple people involved helps prevent one person from becoming a payroll security threat.
Separation of duties might be difficult for your business because of your limited staff. But, you might still find a way to have at least two people involved in your payroll process. For example, you might have an employee who runs payroll. The employee might do the whole payroll process within your payroll software, but you write and distribute the paychecks. Only you would have access to the check stock, so no one else can write checks. And, you can examine the paycheck amounts to make sure none are unusual.
You should also let your bank know who is allowed to sign checks and manage business bank accounts. If an employee is no longer authorized to do those tasks, you must notify the bank.
Technology is useful for running payroll, but it must be updated and secured.
Regularly update your payroll software. If you don’t have the latest version, your software might have some security gaps. If you use cloud payroll software, the provider will automatically update the software for you.
Your computer, payroll software, and all other accounts should have strong passwords. Create long and complex passwords. Do not use a password for more than one account. Do not share your passwords with others, and encourage employees to do the same. You and your employees should all regularly change your passwords.
When you are done running payroll, log out of your payroll software account. Do not stay logged in because other people can easily access it.
When an employee is terminated, make sure they no longer have access to accounts. Close their accounts. If an employee had the password to a shared account, change the account’s password.
Set up a firewall on your business’s computers. Install a virus scanner and run routine scans.
Learn about phishing schemes and how you can identify them. These schemes are becoming more advanced, and the emails often look like they come from a government agency or someone within your business. Phishing emails often request payroll-related information, such as an employee’s Form W-2. As a general rule, do not share confidential payroll information through email.
Set up spam filters for your work email. The filters will help remove unwanted phishing emails. However, spam filters are not perfect, so you should still learn how to identify phishing.
If you have paper documents, you must also secure them to maintain payroll confidentiality.
Keep all paper payroll documents locked in a filing cabinet. Limit the number of people who have keys to the filing cabinet. If you a have a designated room where you keep payroll records, keep it locked with limited access, too.
Buy a paper shredder. If you need to dispose of any payroll documents, stick them in the shredder first. You can also use the shredder to dispose of other business documents that contain sensitive information about employees or customers.
If you pass out paper paychecks, keep them in a secure place until you distribute them. If you cannot give an employee their paycheck, store the check in the secure place until you can hand it out. Do not let unauthorized employees touch paychecks or take someone else’s check. This maintains the confidentiality of employee information.
Online payroll software can help you keep your payroll secure. Because the software is in the cloud, you get automatic updates. Patriot’s payroll software even uses encryption and servers that are as secure as a bank’s. Start your free trial now to make your payroll process more secure.