Payroll professionals need to be more vigilant when it comes to protecting personal information, because the payroll department is the custodian of sensitive information relating to employees and shareholders. Examples include home addresses, dates of birth, bank details, salaries, and dependent and beneficiary details, to name a few.
In today’s digital age, one can only imagine the damage to an employee’s identity if this information ends up in the wrong hands.
While research shows that the general population is becoming more aware of online fraud and phishing models, a different type of fraud has been on the rise in South Africa.
Some examples of fraud are:
Misuse of accounts
whereby the criminal element fraudulently uses the victim's account as a vehicle for moving illegally obtained monies across borders or between accounts.
whereby a fraudster assumes the identity of an innocent individual and uses the bogus identity to obtain goods or services. A credit rating, which takes years to build, can be ruined by identity thieves. Studies reveal that identity theft costs South Africa over R1-billion each year.
fraud where an individual uses false or stolen documents to get employment.
Fraudulent insurance claims
take place when a person making a claim misrepresents information in order to receive payment under a policy that they are not entitled to.
All the information required to facilitate these criminal activities is available to the criminal element within an organization's HCM department.
How do we secure HCM information in order to prevent such cases?
Encourage employees not to share personal information.
Protect confidential and personal information using unique, strong passwords. Strong passwords usually include symbols, numbers, and lower- and upper-case letters, and should be at least 8 characters long. Refrain from using children's names, your own name or your date of birth, as these would make it easy for someone to crack your password.
Passwords should be changed often for all employees, but especially when an employee who had access to payroll is terminated. This ensures that the terminated employee will not have access to the confidential payroll information after they have left the company.
Educate employees on phishing schemes: what they are and what to look out for. Setting up filters on work email will help remove unwanted phishing emails.
Use a restricted network within the organization.
Laptop lockdown and biometric security measures.
Limit access to payroll data. Make sure that only designated people have access to the payroll information. Documents should be kept in a locked filing cabinet, and only authorized employees should have access to them.
Use a paper shredder when discarding documents.
Periodic reviews of devices and systems that can pose a high risk.
Regular independent audits with the HCM department.
Outsourcing of this function for offsite storage and security.
Making use of a paperless HCM application to store information electronically.
For more information on the above topic, please contact the PSIber Helpdesk at