Steps to take to mitigate risk of payroll cyber attacks
We at Employment Hero understand that sensitive employee and payroll information must be protected, and we take measures to do so. Learn how.

Employment Hero is ISO/IEC 27001:2013 certified
What does this mean? ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.
We maintain certification through extensive audits of controls to ensure that information security risks that affect the confidentiality, integrity, and availability of company and customer information are appropriately managed.
For more information, take a look at our trust and security page.
To further ensure your payroll software is safe, it’s crucial to choose a SaaS platform that prioritises data security. Our guide on SaaS Data Security: How to Pick a Safe and Secure SaaS Platform provides a comprehensive checklist to help you make the right choice.
Disaster recovery processes
At Employment Hero, we ensure we have processes and checks in place to safeguard us from attacks. However, no system is foolproof. As part of our ISO certification and obligations, Employment Hero has disaster recovery procedures in place to respond quickly to potential attacks. We carry out regular drills to maintain these processes. Please be aware that these procedures are confidential to ensure success.
Data hosting
Our customers’ data is hosted on Amazon Web Services (AWS). All data is hosted in the AWS Asia Pacific (Sydney) region and is PCI compliant. You can find out more here.
Data is transferred using 256-bit SSL encryption, and all sensitive data is encrypted on disk.
Managing data securely is not just about hosting; it’s also about understanding and leveraging payroll data effectively. For insights on how to use payroll metrics to mitigate risks and enhance decision-making, consider attending our Payroll Metrics and Analytics Webinar.
Does Employment Hero support HTTPS?
All data transferred via the payroll platform is sent over HTTPS. No data is transferred via HTTP.
How often is data backed up in Employment Hero?
Full backups are carried out daily, and transaction logs are backed up every 15 minutes.
Are backups recovered and verified and, if so, how often?
Our backups are verified and tested on a weekly basis.
What personal information is stored and how is it used?
Please refer to our privacy policy.
Cybersecurity awareness
Human beings are still the weakest link in any organisation’s digital security system. People make mistakes, forget things, or fall for fraudulent practices. That’s where cybersecurity awareness comes in, and why it is extremely important.
This involves educating employees on the different cybersecurity risks and threats out there, as well as potential weak spots. Employees must learn the best practices and procedures for keeping networks and data secure and the consequences of not doing so. These consequences may include losing one’s job, criminal penalties, or even irreparable harm to the company.
By making employees aware of the scope of the threats and what’s at stake if security fails, cybersecurity specialists can shore up this potential vulnerability.
Cybersecurity is just one aspect of payroll risk management. For a deeper understanding of how to identify and mitigate various payroll risks, join our Payroll Risk Management Webinar, where experts will share strategies to safeguard your payroll processes.
What other steps can you take to keep payroll secure?
- Use a password manager such as 1Password to keep passwords secure and protected.
- Do not share your password with anyone. Ensure you use different passwords for different applications – and make sure they are strong. Password managers can help to confirm this.
- Limit user access – Employment Hero Payroll full access users can grant restricted access to other users in order to protect potentially sensitive data.
- Enable two-factor authentication on your payroll account to provide an additional layer of security and make it harder for attackers to gain access.
- Enable two-factor authentication on your email account. Email is a very common attack vector. The more channels you secure, the lower the risk of being vulnerable to a cyber attack.
Understanding the competitive landscape in payroll services is also essential. If you’re looking to stand out in this market, explore our guide on How to Compete in the Growing Payroll Services Market for actionable strategies.
If you have any questions or concerns, don’t hesitate to reach out to us.
Wondering why so many businesses choose Employment Hero? Discover the benefits in our article on Why Choose Employment Hero? and see how we can support your payroll and HR needs.
Disclaimer: The information in this article is current as at 1 June 2022, and has been prepared by Employment Hero Pty Ltd (ABN 11 160 047 709) and its related bodies corporate (Employment Hero). The views expressed in this article are general information only, are provided in good faith to assist employers and their employees, and should not be relied on as professional advice. The Information is based on data supplied by third parties. While such data is believed to be accurate, it has not been independently verified and no warranties are given that it is complete, accurate, up to date or fit for the purpose for which it is required. Employment Hero does not accept responsibility for any inaccuracy in such data and is not liable for any loss or damages arising directly or indirectly as a result of reliance on, use of or inability to use any information provided in this article. You should undertake your own research and seek professional advice before making any decisions or relying on the information in this article.