10 ways to increase payroll and HR data security today
Hybrid and remote working arrangements have taken over the world. Although COVID-19 accelerated the shift from office setup to at-home working, the digital evolution would have forced the shift sooner or later.
In the recent “Payroll and HR in SA: Rising to the challenges of change” research, Sage found that as many as 64% of medium-sized businesses and 50% of small businesses have increased payroll and HR technology investments in the past year.
However, businesses didn’t anticipate that remote or hybrid working would be implemented with little warning. As a result, data protection became a top priority – especially with the enactment of the Protection of Personal Information Act (POPIA) in July 2021.
Unsurprisingly, payroll and HR professionals now have a greater focus on cybersecurity and data privacy than ever before – 37% of HR professionals that use cloud-based systems have increased their focus on cybersecurity. And when it comes to storing and processing employee data, 66% are more concerned about data, information, and document security.
The research identified 10 key security measures that small to medium-sized businesses (SMBs) implement to enhance cybersecurity, improve data security, and prevent privacy breaches in remote or hybrid working environments.
Restricting access to the payroll system
63% of SMBs limit access to the payroll system to ensure that only designated personnel can view information relevant to payroll tasks.
The HR and payroll department handles a large amount of sensitive data, the security of which is strictly enforced by laws such as POPIA and the General Data Protection Regulation (GDPR). Without restrictions, organisations risk unauthorised people accessing confidential payroll information, which could result in a hefty fine, jail time, and/or reputational damage.
To ensure sensitive information stays confidential, payroll and HR professionals must limit access to the data and the extent of access granted to each user.
However, keeping data safe is challenging for SMBs, especially those using manual, on-premise payroll systems.
Specialist cloud-based software has integrated features like automatic compliance and access restriction settings – two crucial security measures that you won’t find in Excel. Sure, you can password-protect a document, but this isn’t enough – as we’ll soon see.
How to restrict access on Sage?
Simply configure access in Sage software’s Security > Access Rights menu. You can limit a user’s access to certain information by granting access to specific people and restricting access to particular features.
Regularly updating software
53% of payroll and HR professionals use and regularly update their security measures.
Any link, file, or email could harbour malicious intent. Antivirus and firewall software are at the frontline in protecting businesses against breaches. Without them, your organisation and client information are exposed to an ocean of bandits. But they’re not fool-proof.
Hackers are continuously developing ways to bypass security software. Cybersecurity software developers frequently patch and upgrade their solutions as a countermeasure, which is why it’s vital to update your software regularly.
Using cloud-based software can also be highly beneficial in terms of data security. Software-as-a-service providers constantly monitor and protect their infrastructure to ensure users have up-to-date and compliant security measures.
Requesting authorisation before making payments
52% of businesses request authorisation before making any payments. As online payments increase, so too does the threat of fraud.
Cloud-based solutions support multifactor authentication, assuring that funds are going where they’re intended. In addition, authentication allows a payment to be stopped if it is deemed fraudulent.
With direct feeds to banks and SARS and seamless integration with accounting software, cloud-based HR and payroll software gives you complete visibility of your transactions and peace of mind that all transactions are authenticated and legitimate.
Introducing security policies
52% of businesses have introduced additional security policies to ensure the integrity of their data.
Specialist cloud-based payroll software lets you set up additional security measures, such as multifactor authentication and password protection, to ensure only authorised people can access sensitive data.
Implementing these additional measures is difficult when systems are manual or offline, putting the company at risk of security breaches.
Increasing document security
53% of businesses would use cloud-based HR systems to increase document security.
Password-protecting documents is an important security measure, especially if they contain confidential information. And while it’s possible to do this manually, the granular access control supported by cloud software automatically protects documents and keeps an audit trail of who accessed them and when.
Tip: Until you switch to the cloud, restrict access to Microsoft Word documents by going to the Review tab > Protect > Protect Document. On Adobe Acrobat, you can limit access by going to File > Password Protect.
Implementing data encryption
47% of payroll and HR professionals are implementing data encryption as an additional security measure.
When electronic information is encrypted, it is changed using algorithms or cyphers to make it unreadable. Data can only be decrypted using a specific password or “key”. This is a critical payroll security measure because it makes all online information and data inaccessible to fraudsters. Without encryption, companies risk falling victim to data exposure and fraud.
Cloud-based software makes encryption easy. With just a click of a button, you can encrypt your entire database, safeguarding all your data at once instead of manually encrypting individual folders.
Tip: Until you switch to the cloud, encrypt a document by right-clicking on the respective folder or file > Properties > Advanced > selecting “Encrypt contents to secure data”.
Securing workstations, servers, and storage space
47% of payroll and HR professionals secure workstations, servers, and storage space to protect them from exposure or data loss.
Any device that employees use to access company data – whether personal or company-owned – must be secured. And while it is generally easier to secure physical workspaces, protecting remote workspaces is more challenging and intricate – unless you operate from the cloud.
Cloud-based systems allow employees to log in and out of the company’s virtual workstations securely and from any device. This means that company databases, servers, and storage spaces are centralised in the cloud and remain safe and encrypted at all times.
Implementing confidentiality clauses
43% of businesses implement confidentiality clauses to ensure data protection.
When employees work remotely and have access to company data, stringent regulations must be in place to protect the company and its clients. To implement this type of policy, organisations can include a confidentiality clause in employees’ contracts, stating the procedures and consequences.
A security policy is a prerequisite for remote or hybrid working. It’s a set of rules that a business enforces to reduce the risk of data loss or exposure and to safeguard the company against leaks, breaches, or fraudulent activity.
Cloud-based software has built-in security measures like encryption, access restrictions, and other data protection processes that prohibit unauthorised people from accessing confidential data and make it easier to enforce policies.
Implementing data retention policies
36% of payroll and HR professionals are implementing a data retention policy.
According to POPIA regulations, all organisations must have a data retention policy to ensure that personal information within the company is handled appropriately.
A data retention policy is a set of rules that helps organisations track how long data is kept and how to dispose of it. It generally outlines the reason for processing the data, which justifies why you’re holding or discarding it.
Without this policy, data that is no longer in use becomes an unnecessary security risk and expense.
Cloud payroll software is automatically compliant with data protection legislation. You can also set your data retention period and means of deletion, and it will automatically take care of it for you – and keep an audit trail.
Segregating duties within the payroll team
30% of SMBs segregate payroll and HR duties because it isolates specific tasks to certain individuals while minimising errors often overlooked by a single employee.
For departments dealing with sensitive and confidential data, segregation of duties (SoD) is highly effective. Because payroll is vulnerable to fraud and error, SoD makes record keeping, calculation, authorisation, and reviewing less risky and more precise.
Although SoD may appear inefficient when only one or two people can complete specific tasks, it does add a layer of security to the payroll network by ensuring that no single person has complete control.
Every step of the payroll process is tracked with cloud-based software, giving you complete visibility and reducing errors and potential fraudulent activity.