Brought to you by
BrightPay logo

The payroll solution that provides all you need for Auto Enrolment.


5 ways to prevent a payroll cyberattack

13th Jun 2023

While you might think your clients’ payroll data is always secure and unlikely to get hacked, recent events have shown otherwise. Earlier this month, payroll software company Zellis had the data of over 100,000 employees compromised. The payroll information belonged to employees who worked for eight of its customers, including well-known companies like Boots, the BBC, British Airways, and Aer Lingus.

The software which was hacked was MOVEit, a file transfer solution, which was used by Zellis. The data that was compromised included sensitive payroll information such as NI numbers, and potentially bank details. 

The consequences of a payroll data breach can be catastrophic, and this has consequently raised some serious concerns over payroll data protection. If hackers lay hands on sensitive payroll information like bank details and NI numbers, they could be used for fraud.

It's critical to pay extra attention to your company's payroll data protection policies to ensure they're as robust as possible. Data breaches can result in fines, legal fees, reputational damage and business interruption, so as an accountant, it’s important to know what measures you can take to help prevent such a breach from happening.

However, protecting payroll data isn't always straightforward – it requires investment in tools and consistent staff training. After all, the 2022 World Economic Forum Global Risk Report states that 95% of cyber security breaches in 2021 were due to human error. Something as simple as clicking on a link in a phishing email masquerading as an email from a colleague could result in a serious data breach.


5 ways to improve your payroll data security

1. Look at your company policies 

Touching on what we mentioned above, your staff need to be aware of things like phishing emails and keeping their login details safe, in order to prevent cyberattacks. This is all down to training – so consistent training is recommended to keep staff attuned to any unusual inbox activity. It’s important to also look at your password policy. Are login details ever sent through emails or instant messages, are they recorded in a spreadsheet, or written on a sticky note beside your desk? Using a password manager is one of the most secure forms of password storage – in fact, those who don’t use password managers are three times more likely to experience identity theft than those who properly use them. So, while going to such measures may be a bit tricky to navigate at first, they stack up and help ensure that your payroll data stays out of harm’s way.

2. Store payroll data on the cloud 

When it comes to protecting your payroll data, encryption is key. Basically, encryption scrambles your data so it can only be accessed with the correct decryption key. This makes the data essentially useless to hackers as they won’t be able to read it.  

3. Use two-factor authentication 

Two-factor authentication adds an additional layer of protection by requiring users to enter their password along with a second security code before they can gain access to a system. This can provide an extra layer of bubble wrap around your payroll data, deterring hackers from accessing files. 

For example, in the settings tab of BrightPay’s cloud-extension, BrightPay Connect, you can set up two-factor authentication. This means when you attempt to sign in, a code will be sent to you through text or email. You then must enter the code into the system before you can gain access to the dashboard. Another example is when using the payment platform Modulr to pay employees through BrightPay. When logging into the system, a code is sent to an authentication app on the user’s mobile, which then must be entered into the system before logging in and authorising payments.

4. Giving clients more control over their payroll data 

Giving clients more control over their payroll data is another way to keep your payroll data secure. One way of doing this is to let clients enter updated payroll information or run payroll reports through a secure online portal, like BrightPay Connect, rather than figures being thrown around in an email or on WhatsApp. Not only does this massively reduce the chance of unauthorised access, but losing track of such emails and misinterpreting messages could also cause errors in payslips. Most likely, the responsibility to rectify them will fall onto you too, so by giving clients more control over their payroll data, you’re protecting your firm, and saving time in the long run.

5. Follow GDPR best practices 

Following GDPR best practices is a must. We won’t delve into the specifics, but you can find more information on GDPR guidelines here. Payroll data breaches are a lot more common than people think, and you aren’t just risking your client's payroll data; breaches can also damage your firm's reputation. Here are some common examples of ways data can be compromised:

• Sending one of your client’s payroll reports to another client without their express permission.

• Your computer gets stolen, and your clients’ payroll information is leaked to unauthorised third parties. 

• Staff’s personal information on their payslips is altered without their express permission.

So to counteract this, start with regular risk assessments to pick up on system vulnerabilities – do you have anti-virus software, firewalls, or other procedures in place? 

6. Let employees access payslips themselves 

Unfortunately, forgetting passwords, losing a payslip, or misplacing a paper-based contract can bring up a whole list of security issues. And let’s face it, looking for a missing payslip is like finding a needle in a haystack – downright impossible. That’s why we recommend using a centralised system that lets employees access and download all their new and past payslips from one place. Not only can this help boost your firm’s security, it’s also super convenient.

For example, with BrightPay Connect, employees can use their employee app to access their payslips anytime, anywhere, without having to worry about paper payslips or email attachments. This makes your life easier by saving you time and keeps your employees happy, and let’s face it, who doesn’t want that? 

This cyberattack isn’t the last… 

The Zellis cybersecurity attack is only one of many payroll-related cyberattacks over recent years, and sadly, it won’t be the last one either. Firms need to be vigilant and ensure they’re doing all they can to protect their payroll data. It's never too late to focus on payroll data protection and start putting the necessary measures in place. For more ways on how you can boost your payroll security, check out our free guide below.




 Written by Eleanor Vaughey | Bright



