Payroll and Ransomware: Here’s what you need to know

3rd Dec 2021
Brought to you by
Share this content

By now, you have likely heard of Ransomware. It’s nothing new, but similar to its biological counterpart, it is a virus that has risen and spread rapidly in the past couple of years. It is a type of virus or malware that is now considered one of the biggest securities and financial threats facing organisations around the world. While it is more common to hear of large corporations paying out high ransom demands, it is also a serious threat to small businesses.  

Small businesses make easy targets when they don’t invest in cybersecurity and training. All it takes is for an employee to click on a ‘phishing’ email, a compromised web page, or for there to be a vulnerability in an old operating system, and the virus can gain access to the company’s network. The virus can then spread through the network encrypting or locking up files. To restore or gain access to the files, the victim will likely have to pay a ransom, usually in the form of bitcoin or another cryptocurrency.  

In order to protect yourself, you’ll need to understand what data is essential for your business. Working in accounting and bookkeeping means you hold valuable and sensitive information. To provide payroll services for example, requires you to hold personal and financial information regarding your client and your client’s employees. 

How can small businesses protect themselves from ransomware?  

It is unlikely that your business can afford to have a dedicated team focused on cybersecurity, but there are simple steps all SMEs can take that can reduce cybersecurity risks.  

  1. Back up your data 

This might seem like an obvious one, but your business relies on data, and as such, it cannot be overstated how important it is to regularly back up your files. This will allow your business to continue its operations in the event of a ransomware attack. To help back up your data, consider using the cloud. Using cloud storage means your data is stored on a virtual server, physically separate from your location.  

For your payroll data, BrightPay offers an optional cloud add-on, BrightPay Connect, that works alongside the desktop payroll software. It automatically backs up the payroll information to the cloud. In addition, its client self-service portal makes running payroll a smoother, quicker process.  

All data in BrightPay Connect is stored securely within Microsoft Azure data stores, access to which is tightly restricted to a limited set of servers and IP addresses. These data stores are replicated across multiple data centres to protect against a major data loss event impacting a particular data centre.  

  1. Check your IT system and third-party applications  

Installing antivirus software, applying software updates, and switching on your firewall are all simple to do and are instantly effective. Other useful practices include controlling what software can be downloaded and installed to a company device and reducing the use of USB drives.  

When it comes to third-party applications essential for your company’s operations, research what type of security they use to protect your information. For example, BrightPay Connect encrypts your data. All traffic into and out of BrightPay Connect is encrypted using SSL (an encryption-based Internet security protocol). If the payroll data on your own device is compromised, it should be worthless as many of the key fields (e.g. NI number, names, bank details) are encrypted within the software. 

  1. Password protection  

Passwords are an easy and effective way of preventing unauthorised users from accessing devices and applications. All company devices, including computers, laptops, phones and tablets should be password protected.  

Two-factor authentication has become a popular additional layer of security offered by many software companies. It requires a user to enter their username and password. Instead of immediately gaining access, they are then required to enter another piece of information such as a pin which has been sent to their mobile phone. Although it takes a little extra time to gain access, you should always enable it if it is offered.  

BrightPay Connect offers two-factor authentication. When enabled, any employer who tries to sign into BrightPay Connect will need to enter a security code sent to them via an email or text. This provides an extra layer of security to your account and to the client’s portal in the event of your password being stolen.  

Schedule a BrightPay Connect Demo Now 

If you’re interested in learning more, book your free BrightPay Connect demo. A member of our team will walk you through the various features of BrightPay Connect and explain its many benefits. 

Related Articles: