A cybercrime is reported in Australia every six minutes according to new data published by the Australian Signals Directorate, and the SME sector is especially vulnerable.
During the 2022-23 financial year the cost of cybercrime to businesses increased by 14%. Per cybercrime report, small businesses experienced an average financial loss of $46,000, while cybercrime cost medium businesses an average of $97,200.
Despite the risk, we live and work in a digital age and the personal details of staff and customers are increasingly moving online.
In this modern age protecting payroll data has become essential for small business owners to ensure the confidentiality and security of sensitive information. Here are some best practices to help small business owners safeguard their payroll data from cyber threats.
Ensure your business has access to reputable payroll software that includes robust security features. Ensure that the software is regularly updated to patch any vulnerabilities.
Limit access to payroll information to only essential personnel. Use strong, unique passwords and consider implementing multi-factor authentication.
Train employees on cybersecurity best practices, such as recognising phishing attempts and the importance of secure password management.
Keep all software, including operating systems and antivirus programs, up to date with the latest security patches. Regularly update and patch the payroll software to address any vulnerabilities.
Ensure that physical access to payroll records is restricted to authorised personnel. Use secure storage for any physical documents that may contain payroll information.
Use encryption for both data in transit and data at rest. This ensures that even if unauthorised access occurs, the data remains unreadable.
Implement regular backup procedures for payroll data to prevent loss in case of a cyber incident. Store backups in a secure location, and test the restoration process periodically.
Implement monitoring systems to track access and changes to payroll data. Conduct regular audits to identify and address any anomalies or unauthorised access.
Use strong encryption protocols for Wi-Fi networks to prevent unauthorised access to sensitive payroll information.
Encrypt email communications containing payroll data, especially when sharing sensitive information with employees or third parties.
Develop a comprehensive cybersecurity policy that outlines best practices for handling and protecting payroll data. Ensure that all employees are aware of and follow these policies.
Consider cyber liability insurance to provide financial protection in case of a data breach or cyberattack.
If you use third-party payroll service providers, ensure they have robust security measures in place. Perform regular security assessments on these vendors.
Develop and regularly update an incident response plan to guide actions in the event of a cybersecurity incident. This includes steps to contain, eradicate, and recover from an incident.
Ready to step-up your payroll practices? Talk to Retinue about our payroll service and how we can support you*.
*Retinue’s payroll service includes the processing of hours and wages rates provided by you. We do not determine award rates for your employees or provide advice on the correct employment status of your employees. It is your responsibility to ensure that your employees are paid correctly and we recommend obtaining advice from specialised employment relations experts.
*Retinue’s (ABN 66 658 618 449) payroll service includes the processing of hours and wages rates provided by you. We do not determine award rates for your employees or provide advice on the correct employment status of your employees. It is your responsibility to ensure that your employees are paid correctly and we recommend obtaining advice from specialised employment relations experts.
Protection is only provided for ATO investigations notified to us during the period which you are a client and relating to any tax returns or lodgements prepared by us. Fines includes any penalties and interest that may result from any errors made by us but does not include any additional tax liability that may result from an amended lodgement.
Liability limited by a scheme approved under Professional Standards Legislation.
