The reasons corporate secrets spread are numerous — carelessness, malicious conduct, coercion, social media slips, questions at job interviews — but nowhere are the stakes higher than in payroll confidentiality. The repercussions are immediate if salaries and bonuses leak: business loss, employee poaching, team discontent and jealousy, and (possible) discrimination liability.
By the numbers: statistics are scary
According to surveys by Ipswitch, a leading security specialist, company secrets are threatened by employee carelessness or self-interest. The implications of this kind of conduct are devastating in any department, but they are especially hard-hitting in payroll management:
- 40% of employees admit to using personal email to send sensitive information — secretly
- 25% sent confidential files to their personal email accounts with the specific purpose of using them as an asset for a better position at a competitor
- 50% of employees carelessly send secret information via standard email, “thereby putting payroll info, social security numbers, and financial data at risk due to lack of security.” 
- 41% of executives use personally owned external storage devices to back up work-related files monthly.
“Data leakage by disgruntled employees is a very real problem,” said Brian Cleary, vice president at Aveksa. “Organizations are struggling with the number of them who try to take confidential and highly valuable data for malicious intent or financial gain.”
It is for these reasons, among other concerns, that many companies are moving exclusively to outsourced payroll management. With outsourcing, there are no disgruntled employees (at least not in your payroll department) and, with a reliable outsourced partner, security and confidentiality are the primary mission.
To find out more about best practices for security of payroll information, contact the experts at Pivotal Payroll Management (contact form below).
How secrets spread
Most secrets leak when employees leave. That’s a fact. Whether it’s government secrets, business secrets, lists of confidential prospects in sales, or passwords for users, employees are the primary source of all of these. Sometimes it’s a disgruntled ex-employee, or an accidental disclosure at lunch. Dozens of business secrets leak out through carelessness every day on platforms like LinkedIn. Even if an employee doesn’t leave, a series of “job interviews” will lead to the disclosure of salaries to competitors. Whether the leak is malicious, accidental, careless or under duress, the fact is employees are the source.
Payroll is sensitive
Payroll is among the most sensitive areas of privacy. The repercussions to a company are extreme in many cases:
- discrimination accusations due to inequality in payroll
- invasion of privacy liability for disclosing private information of an employee
- vital information needed for competitors to lure away your top-producing team members.
And, what about the internal team member in payroll who processes the salaries — how long will everyone’s salary remain private if the payroll member is jealous of another member’s higher pay?
Putting aside legal and social repercussions, there’s also the manager’s perspective. Executives and managers generally don’t like:
- employees gossiping about executive pay or bonuses
- having confidential information on a desk or printer anywhere in the office where team members or competitors might access it
- the risk of information leaking from printed paystubs and documentation in the office, especially manager or executive level bonuses
- giving any of their team members reason to be jealous
- opening their team to “poaching” from competitors who access the valuable compensation information.
Outsourcing can supplement good policy
Security and confidentiality can be managed with policies, security checks, HR recruitment checks and exit strategies. Regardless of who handles payroll management, these are critical. A strict social media policy can also be essential.
However, the most secure way to manage confidential payroll is through a reliable outsourced partner.
Insource or outsource: security best practices
If you are “insourcing” all payroll, remember to limit access, particularly with regard to IT and software access. This list of best practices is from Data Centre Knowledge:
- Implement strict password and account management policies and practices.
- Establish a tight and detailed social media policy and enforce it.
- Formalize a comprehensive employee termination procedure that takes security and access into consideration.
- Conduct regular enterprise-wide risk assessments.
- Document and implement systems and controls.
- Make insider threat awareness part of security training for all employees.
- Tightly manage security and access to cloud services, and manage access controls (including actively monitoring usage).
- Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
- Especially with mobile devices, control access and monitor all activity.
- Implement secure backup and recovery processes — bearing in mind that leaks often arise from access to backups.
- Develop a formalized insider threat program.
- Manage disgruntled employee situations proactively.
Data Centre Knowledge, “Disgruntled Employees and Data: a Bad Combination”