ITBusiness.ca

Why payroll security should be handled by the cloud in the new normal

Source: Vadzim Kushniarou | Getty Images

Companies have been hesitant to shift certain workloads to the cloud. Payroll, for instance, has largely been kept on-premises. Only a quarter of small businesses elect to use cloud-based systems for their payroll. 

Part of the resistance to cloud adoption stems from security concerns. Since cloud-based solutions are accessible over the internet, some tend to believe that these platforms are more prone to cyberattacks despite the growing consensus that public clouds are now actually more secure than on-premises environments.

However, this trend of keeping payroll offline may change quickly, as the world adapts to the new normal. Since most organizations are now working remotely due to the pandemic, deliberately putting off moving workloads like payroll to the cloud can give rise to several troublesome issues, including loss of productivity and exposure to fraud and business compromise.

“Typically, payroll is done on-premises but now, remote work has suddenly become the norm. The cloud offers the best option for most organizations to be able to handle the workload, and still have the necessary safeguards in place to secure it against fraud and compromise,” Papaya Global chief executive officer Eynat Guez explained.

Considering the current landscape, organizations must seriously consider the shift. 

Changing circumstances

While some economies are already opening up, many organizations are keen on continuing their remote work policies. A Gartner survey revealed that 82 per cent of business leaders are looking to provide workers the option to work remotely some of the time, once they reopen their workplaces. Almost half are even considering allowing employees to do so on a full time basis. However, the adjustments needed to support remote work can create gaps in processes, leaving certain workloads error-prone and at risk of exploitation. 

In the case of payroll, first, there’s the issue of keeping the department functional. Handling payroll on-premises has typically been straightforward, since workers are collocated. Many companies have some form of attendance system that logs employee presence, when they report to work. But with remote work, payroll departments that are stuck using offline systems would have to go through the process of gathering the information manually from their colleagues. Manual processes are not only tedious, but are also susceptible to data errors and loss.

Without proper time tracking mechanisms, remote work can even create the problem of time theft. Some employees may look to cheat and inflate their reported work hours for easy pay. Since payroll departments have to take their colleagues at their word, they would be none the wiser should some unscrupulous workers game the system.

Companies may also become vulnerable to attacks such as business email compromise (BEC). If its tasks are managed manually, a payroll department would have to rely on email to interact with colleagues and secure management approval. It is possible for a scammer to impersonate an officer or manager using fraudulent email, and have the payroll department disburse payment to the scammer’s account. Hackers have been quite versed in using such tactics to scam payroll departments. U.S. companies lost $8.3 million between January 2018 to June 2019 due to BEC and payroll diversion scams. 

Advantages of the cloud

This trend of embracing remote work is seen to further accelerate cloud adoption by companies. 

“Fast forward to today, and the COVID-19 pandemic has magnified the importance of the cloud in large and small enterprises as a vital asset to business operations. It is clear that organizations are hastening their cloud migration during the crisis, as the cloud is enabling them to operate remotely now while also serving as the foundation for digital transformation and ongoing innovation,” LogicMonitor product chief Tej Redkar said.

In the case of payroll, modern cloud-based solutions provide several key advantages that mitigate these risks. To start, these platforms can be accessed remotely, enabling payroll departments to perform their tasks even as they work from home. 

Most cloud payroll solutions also provide support for entire workflows with features that automatically compute pay and deductions, generate pay slips, and disburse payments. They can also be integrated with other applications that companies may be using such as scheduling and time tracking applications and bookkeeping platforms. This can help payroll departments avoid erroneous computations and prevent time theft.

Platforms now also have user role and access management functions that can be used to define the scope of capabilities that any account can have. Validation and authorization features can also help ensure that only legitimate transactions are processed by the system. All disbursements would need to be properly authorized in the system, mitigating the risks of BEC attacks. 

Solutions providers also know about the various risks posed by hackers, and they continuously improve their security measures. The better ones are SOC 2-compliant and are ISO 27001 certified, meaning they apply and implement the necessary controls and measures to keep their services and users’ data secure. Sensitive information such as personal and financial data are encrypted, to prevent unauthorized parties from doing anything with the data in the event of breaches. 

It’s also easy to integrate other security measures to better protect cloud applications. Companies can readily implement security tools, such as web application firewalls, to protect the access to the company’s cloud payroll platform.

Shifting the workload

Shifting the payroll workload can be a fairly easy process. Cloud-based payroll platforms are commonly available as Software-as-a-Service (SaaS), allowing companies to readily subscribe to them and deploy them. Most have features that allow users to import their existing employee data onto the platform in order to quickly get payroll departments up and running. 

Concerning security, cyberattack risks should be fairly controlled, as long as the company abides by the best security practices when using cloud solutions. Smaller operations that may have limited security measures in place are even better off trusting their payroll data to cloud services, as these platforms surely implement more protection to systems than these small companies can.

Organizations still have to consider putting up a comprehensive security strategy to cover all their bases. As the Canadian Centre for Cyber Security has advised, “When it comes to moving to a cloud-based environment, organizations need to remember that it’s not just the cloud service providers who are responsible for securing different components: the organizations are too. 

“This shared responsibility makes adopting the cloud even more complex, which is why it is important that organizations understand the overall effectiveness of their security controls and those implemented by the cloud service provider.”

Exit mobile version