Why payroll professionals should be a company’s first and last line of defence in fighting fraud and cybercrime.

Cyber threats are a growing concern for businesses worldwide. By one measure, 75% of global companies experienced at least one security breach in 2024, and one-third of respondents had more than six incidents.

Payroll is a particularly appealing target for cybercriminals because of its access to a company’s finances. Even if you don’t consider yourself a cybersecurity expert, payroll should be a company’s first and last line of defence in the war against cybercrime. If your organisation isn’t so large as to have a dedicated cybersecurity team, it’s even more important that payroll be actively involved in safety training and contingency planning. Here’s what you should know about cybersecurity in payroll.


Common criminal tactics


  • Malware and ransomware: malware attacks, where a malicious virus infects an organisation’s systems, are a very common and effective form of scamming. The NotPetya malware attack in 2017 cost businesses more than $10 billion. Ransomware, a common form of malware, is one of the main ways payroll departments are targeted globally. Infected systems are encrypted and frozen until the target pays criminals a ransom, usually in cryptocurrency.

  • Phishing: criminals often send spoofed emails to people in payroll or finance to try to get access to the company’s system. A harmless-looking link or attachment in a phishing email leads the recipient to unknowingly install malware on their system. Once criminals have access to internal emails, file servers and calendars, they can scam even more convincingly, sending messages posing as a known contact.

  • Business email compromise (BEC): in a BEC attack, a hacker uses an email account impersonating an employee or executive. The hacker might ask a payroll associate to change an employee’s bank details or share payroll data with them. In 2019, scammers sent the city of Ocala, Florida, an invoice for $6 million, posing as a construction company working on the city airport.

  • Employee fraud: current or former employees could manipulate payroll records to pay fictitious employees, divert funds to another bank account, or alter a file to pay someone more. An HR manager in China who created 22 fake employees to steal 16 million yuan (about $2.2 million) in salaries and severance payments was only caught after eight years of scamming.


How to stay prepared

Cybersecurity is not something that you finish — it’s an ongoing practice that requires regular testing and tweaking. Regular refreshers on internet safety are needed for all employees, from part-time workers to the executive suite. But it’s especially important for the payroll department to be aware of best practices and follow safety protocols.

  • Ensure your systems are built as securely as possible. In addition to antivirus programs and firewalls, all users should be set up with two-factor authentication to access company data and systems.
  • Conduct ongoing cybersecurity training for all associates. Most cybersecurity breaches involve human error. One bad click can compromise your whole company.
  • Regularly conduct risk audits. This includes reviewing the risk assessments and contingency plans of all your third-party tech partners. A compromised vendor can unknowingly give access to its clients. Business continuity plans for the company and for payroll specifically should be revised regularly.
  • Listen to the data. Automated programs can flag unusual activity on your systems before any human notices. Running regular reports on your payroll can also help you detect any suspicious behaviour.
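
As an added illustration of the kind of regular payroll report described above (example code, not a tool from the original page), the Python script below checks a pay run for three warning signs drawn from the fraud patterns listed earlier: payees missing from the HR roster, one bank account shared by several payees, and bank details changed just before pay day. All employee IDs, account strings, dates and the seven-day window are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not from the article): HR roster, pay run, bank-change log.
HR_ROSTER = {"E001", "E002", "E003", "E004"}
PAY_DATE = date(2025, 3, 28)
PAY_RUN = [
    {"emp": "E001", "account": "ACCT-0001", "net": 3100.00},
    {"emp": "E002", "account": "ACCT-0002", "net": 2950.00},
    {"emp": "E003", "account": "ACCT-0002", "net": 3300.00},  # same account as E002
    {"emp": "E004", "account": "ACCT-0004", "net": 2800.00},
    {"emp": "E099", "account": "ACCT-0099", "net": 4000.00},  # not on the HR roster
]
BANK_CHANGES = [
    {"emp": "E004", "changed": date(2025, 3, 26)},  # two days before pay day
    {"emp": "E001", "changed": date(2024, 11, 2)},  # long before pay day
]

def audit_pay_run(pay_run, roster, bank_changes, pay_date, window_days=7):
    """Return sorted (employee_id, reason) findings for manual review."""
    findings = set()
    by_account = defaultdict(set)
    for line in pay_run:
        by_account[line["account"]].add(line["emp"])
        # Possible ghost employee: paid, but HR has no record of them.
        if line["emp"] not in roster:
            findings.add((line["emp"], "payee not on HR roster"))
    # Possible diverted salary: several payees paid into one account.
    for emps in by_account.values():
        if len(emps) > 1:
            for emp in emps:
                findings.add((emp, "bank account shared with another payee"))
    # Possible BEC-driven change: bank details altered just before the run.
    paid = {line["emp"] for line in pay_run}
    for change in bank_changes:
        age = (pay_date - change["changed"]).days
        if change["emp"] in paid and 0 <= age <= window_days:
            findings.add((change["emp"], "bank details changed shortly before pay run"))
    return sorted(findings)

if __name__ == "__main__":
    for emp, reason in audit_pay_run(PAY_RUN, HR_ROSTER, BANK_CHANGES, PAY_DATE):
        print(f"{emp}: {reason}")
```

Each finding is a prompt for a person to verify, for example by confirming a recent bank change with the employee through a second channel, not proof of fraud.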

Unfortunately, the question is not what you should do if your company faces a cyberattack, but rather what you should do when your company is attacked. But facing the reality of today’s cyber threats will help you be prepared to withstand the challenges that come your way.

Payroll points to consider

  • Ensure protocols for adding new employees to payroll are clearly documented for managers and followed every time.
  • Likewise, banking changes for existing employees should take place exclusively from within a secure HRM system if possible. If requests come in via email, payroll should confirm the changes via a secondary channel, such as by office phone or within Slack or Teams.
  • Two-factor or multi-factor authentication should be in place for all payroll, HR and finance systems.
  • Administrators should be issued two accounts: one with admin privileges to make system changes, and the other for email, deploying updates and generating reports.
  • Be sceptical of any unusual request that comes your way with great urgency. A common exploit is for scammers to pose as a company executive and urgently ask an employee to purchase gift cards.

Your cybersecurity action plan

Every organisation should have a Business Continuity Plan that is updated regularly by executives and stakeholders to guide the company in case of emergency. The basic steps in case cybercrime occurs are:

  1. Identify the breach, determine the scope and notify stakeholders
  2. Contain the breach as soon as possible
  3. Contact law enforcement if data or financial losses have occurred
  4. Keep stakeholders updated, including vendors and clients if affected
  5. Document lessons learned and share with stakeholders

 

 
