Skip to content

UKG Inc., a leading provider of HR, payroll, and workforce management solutions announces entering into a definitive agreement to acquire Immedis. Read More

Securing Payroll Services: A Conversation With David Quirke

Tiffany Appleby
Tiffany Appleby
Nov 16, 2023 2 mins

It is estimated that there are over 2200 cyber attacks every single day. Every business is at risk, yet surprisingly few take adequate measures to protect themselves. And the rise of remote work has only complicated security for many companies.

In our recent podcast with David Quirke, we discussed the need for payroll security. David is the Chief Information Security Officer at Immedis, now a UKG company, and has had an extensive career in the information security sector. 

Previously, David served in various IT roles for companies spanning several industries, including finance and pharmaceuticals. He also ran his own company for 20 years, specializing in securing cloud services, before moving into his current role.

In this article, we will cover topics related to modern cybersecurity for payroll:

  • What modern cyber attacks are like

  • Preparedness for cyber attacks

  • Remote work challenges

  • Risks of unsecured payroll systems

What Modern Cyber Attacks Are Like

In the past, hackers have often been represented as lone, 13-year-old computer whizzes in their basement, hacking into systems using arcane computer programming skills.

The reality is much different. Today’s cyber criminals operate as part of large, international crime rings that can coordinate massive attacks. They operate on a high risk, high reward basis.

Another difference is that most attacks actually come from phishing and social engineering. They don't necessarily require exceptional computer skills to operate—only an uncanny ability to fool people.

person accessing sensitive data and creating security threats behind a computer

Phishing messages are much more deceptive than they used to be. Even five years ago, most people could sense when an email seemed off. Now, even those with training can have difficulty spotting a phishing email.

Cyber attacks come in different forms, such as stolen information and denial of service (DOS) attacks. In a DOS attack, a company's servers are flooded with too many requests for it to handle, which causes damage on its own, but also makes it easier for attackers to sneak in unnoticed.

The global cybersecurity situation is changing rapidly, and these trends are likely to worsen. Your payroll system needs to be protected.

Preparedness for Cyber Attacks

Companies of different sizes are vulnerable to attacks of different sizes. As a result, preparedness will look slightly different from company to company.

On the smaller side of things, antivirus and anti-malware software is a must for everyone. Have your payroll department choose their payroll software on this basis. Additionally, a basic website security review is not expensive, yet many businesses don't even bother.

A full payroll system security audit is a must for data security to protect your payroll data. A payroll security audit will reveal potential weaknesses in what would otherwise appear to be a secure payroll system.

large computer with 2 people from a payroll team who manage direct deposit and ensure payroll security

Large companies require a dedicated security team to protect payroll records. It is not enough to simply have your IT team handle security. Although many of the skills overlap, security involves much more. Remember that most attacks are social in nature, meaning that a good security team will be able to design suitable protocols for ensuring that employees are vigilant about threats.

Security Information and Event Management (SIEM) Tools are another key asset in preventing damage from cyber attacks. These tools provide real-time insights of security alerts, log in information, and more, allowing security specialists to pinpoint potential threats to security systems. They might, for example, notice that one employee keeps logging in from six different IP addresses, one after another.

Remote Work Challenges

The shift to remote work during the pandemic introduced new cybersecurity challenges. While many companies had previously been migrating data and operations to the cloud, now everything had to be done remotely. Moreover, people began working from all over the world, making it harder to detect suspicious logins.

Working from home means that companies can't control the security of their employees' WiFi connections. Many may be using insecure connections, or even connecting from Starbucks or another public access point.

Going forward, remote workers and access will be a major focus of cybersecurity efforts for companies of all sizes.

Listen to more on our podcast

Interested in these ideas, and everything else payroll? On our recent podcast, we discussed cybersecurity in payroll, as well as related topics like:

  • Supporting remote employees

  • Work-life balance

  • Legal and compliance issues

Check out the podcast here.