Become an insider!
Get our latest payroll and small business articles sent straight to your inbox.
If payroll were a superpower, then Wagepoint clients – small businesses, accountants and bookkeepers alike – would need more space in their closets for tiny spandex-y outfits. You process payroll quickly, accurately and mightily (It’s a word, we checked.) and protect everyone on your payroll by safeguarding their sensitive data. Addresses. Salaries. Bank account numbers. You’re counted on to process this information and protect it from the eyes of “bad guys,” like hackers. Luckily, there’s a lot you can do to keep everyone safe.
When you’re in charge of payroll, you’re in charge of so much more than pay cheques (paychecks). You’re trusted to keep the personal and private information of your company, your employees and your contractors safe, acting as a barrier between important data and potential security threats. For this reason, it’s important for anyone responsible for payroll to take active steps to increase security and manage risk.
–John Hajek, Risk Team Lead, Wagepoint
When it comes to creating and managing a secure payroll system, simply put, more is more. “There’s no such thing as being overly-cautious,” says Hajek. Err on the side of strong and varied security measures.
Think of these five tips as virtual “bubble wrap” for your payroll:
1. Activate two-factor authentication (2FA) in your Wagepoint account.
Would you feel safer knowing that you had not one – but two – locks on your front door? Two-factor authentication is kind of like that. 2FA is a security system that protects the data in your account by requiring an extra login credential to gain access. In addition to a username and password, anyone trying to log in to your Wagepoint account will need to enter a special verification code sent just to your smartphone — making it harder for unauthorized people to get through the doorway.
2FA is already in place within your Wagepoint account. To activate it, you will need a smartphone and a download of the “Google Authenticator” app from your preferred app store. Follow these instructions to get all set up. It should take no longer than five minutes.
2. Manage access control.
You already know that, much like the story of the time you accidentally walked into a freakishly-clean storefront window and broke your glasses (or is that just this writer?), your Wagepoint password should be kept confidential. To manage access control, ensure that any administrators on your account (or on your clients’ accounts if you’re a Wagepoint partner) are trusted and up-to-date. This means immediately removing anyone that is no longer with the business and scheduling a regular review of your account information, just for good measure.
3. Review your payroll reports.
Take the time to review your payroll reports and bank transactions to monitor for errors and fraud. Just as you would take your car to the mechanic, it’s important to check under the hood of your payroll history.
Look for any red flags, such as amounts that seem higher than they should be, payrolls running during odd periods, exaggerated timesheets, employee names you don’t recognize, etc. Trust your gut and, if you notice any discrepancies or have any concerns, consider hiring an internal auditor to manually review your books as soon as possible.
4. Double-check changes to employee bank account numbers.
Keep your employees and contractors safe by taking extra steps to verify any email requests for changes to their bank account/direct deposit information. Why? Hackers will often use social engineering tactics such as employee impersonation or hacked emails to try to manipulate those in charge of payroll into entering fraudulent direct deposit information. If you receive a request to change payment details for an employee, verify it in person or by calling a trusted phone number for that employee.
5. Become a password ninja.
Get creative with your passwords. Honestly, it’s like an art. Of course you love your dog and you’ll always remember your first born’s birthday, but “Lola2015”can be the difference between a secure account and security compromise. Make sure that the password you select for your Wagepoint account is unique – do not select one that you also use for any other system, especially social media sites or email.
With that in mind, choose a complex password. It doesn’t have to be impossible to remember – just difficult to guess. Passwords should contain at least seven characters, use capital and lower-case letters, include at least one number and, if the system allows it, at least one special character. (Wagepoint users: please avoid using the “#” symbol, as it may cause an error).
Follow these “recipes” for hard-to-guess passwords from Alex Yohn, Wagepoint’s Chief Technology Officer and Denise Foglein, Wagepoint’s Director of Operations.
👉Replace letters with numbers/characters. For example, instead of, “lemontree”, choose, “L3m0nTr33!”. (A thing of beauty, if we say so ourselves.)
👉Use a phrase. Phrases are easy to remember, but difficult to crack. For example, instead of, “CowsGiveMilk!”, choose, “23CowsGiveMilk!” (That’s a lot of milk, Alex.)
👉Use an acronym. Invent a silly statement and use the first letter of each word to create an acronym password. For example, “McMTmmsed”, would stand for, “My cat, Mr. Tibbles, makes me smile every day!”
The most important step in managing payroll security is just to trust your instincts. If, at any time, something in your account gets your spidey senses tingling, take action. We’re here to help! Please submit a ticket within Wagepoint if you suspect any unauthorized use of your account, and we’ll help you with the next steps.
Disclaimer: This article is intended to be informational and does not replace the need for working with an accountant, bookkeeper or other financial professional. While every care has been taken to ensure the accuracy of this content, the relevant laws undergo constant revision. It is a best practice to stay informed on these topics and to consult with experienced professionals. Any errors or inaccuracies brought to our attention will be corrected as quickly as possible.