Cybersecurity weighs heavily on corporates’ minds, especially when incidents like the Equifax data breach occur. But often, businesses prioritize security of customer data, then safeguard internal company data. Experts warn some companies could be missing a huge area prone to data hacks: payroll.
“Payroll data is a treasure trove for cybercriminals, and payroll professionals need to question applications, processes and relationships with third parties to help ensure that data are secure,” wrote Michael Baer, managing editor of Bloomberg BNA’s Payroll Library, Payroll Decision Support Network and International Payroll Decision Support Network. Last week, Baer reported on the American Payroll Association’s Fall Forum, which focused heavily on payroll security.
Regulators across the globe are looking to ensure that customer and corporate data is secure, and those initiatives include outlining cybersecurity standards for payroll systems. But according to Payslip Founder and CEO Fidelma McGuirk, safeguarding payroll is a challenge, especially when companies are expanding globally.
“Medium-sized businesses are very often growing at an accelerated rate,” she recently told PYMNTS. “And they have shorter timelines for rolling out operations. They don’t necessarily have a team of people specialized in setting up overseas operations.”
These companies need to procure a reliable payroll partner across borders to pay their expanding workforce in other markets, she continued. Not only can this process result in a siloed payroll function spread out across geographic borders, oftentimes, this tactic can create security vulnerabilities in the enterprise.
“Once they pick a payroll partner, depending on who they choose, the majority of international payroll data is exchanged by spreadsheets and email,” said Fidelma McGuirk.
For companies across both the U.S. and Europe, cybersecurity is an increasingly important part of the business, and McGuirk said that she’s seen this trend in conversations with enterprises across the globe. But, she said, while incidents like the Equifax data breach may heighten awareness of corporate cybersecurity, they don’t necessarily lead to the safeguarding of payroll systems against cybercriminals.
“Employee data doesn’t become a major concern that we hear of very often, but [data breaches in payroll] can certainly happen,” she said. “Companies are reasonably aware of it. And I say ‘reasonably’ because not all of them are.”
Regulatory guidelines may help address this issue. In the European Union (EU), regulators have established General Data Protection Regulations that will come into effect next May. Payroll departments should adhere to these rules too, according to reports from Bloomberg BNA.
“Private companies that comply with voluntary guidance released by the federal government regarding cybersecurity enhancement may increase protection of payroll data,” the publication wrote last month, “and also increase their preparedness for abiding by data privacy regulations the European Union is to implement next year.”
But payroll data security is only one of several points of friction McGuirk said plagues medium-sized, high-growth companies that expand internationally.
Larger enterprises, she explained, are able to deploy the resources and time necessary to work with large payroll vendors in various markets. For the middle market, though, working with a patchwork of multiple vendors can mean siloed flows of data into central treasury management systems, a lack of visibility into payroll transactions and overall cash flow, and, of course, foreign exchange (FX) challenges, with payroll being made in various international payments other than the core currency in which a firm’s treasury operates.
If recent data by the American Payroll Association (APA) is any indication, friction in payroll, especially on an international scale, is no good for employee satisfaction. Last month, the APA released the results of its “Getting Paid in America” survey, which found that nearly 40 percent of employees noted it would be “very difficult” to meet their current financial obligations if their paychecks were delayed by only a week. More than a quarter said they had some doubts over the accuracy of their paychecks, a statistic that follows early research from The Workforce Institute at Kronos that found more than half of American workers have encountered at least one problem with their paychecks in the last year.
When companies operating across borders are forced to manually (and sometimes insecurely) string together data from various markets and various payroll vendors, the chances of mistakes may rise.
Payslip’s solution to the problem is to provide a platform through which all payroll vendors and data can be aggregated, integrating with treasury systems, providing a more simplistic view of payroll (in a single currency), ensuring regulatory compliance across borders and safeguarding the data.
With so much at stake, from employee satisfaction to the security of employee and company data, the payroll industry would do well to benefit from FinTech innovation, said McGuirk.
“Payroll is a part of the core treasury function, and it can be an area that needs work and attention,” she said, adding that the influx of FinTech innovation has “absolutely” enabled payroll to gain capabilities it didn’t have before.