Steps to take to mitigate risk of payroll cyber attacks

This is a text post that reads: 'Safeguard your confidential information from cyber attacks'.

With the recent cyber attack on Frontier Software, we are aware that there may be concerns over data security and protection in payroll software.

We at KeyPay understand that sensitive employee and payroll information must be protected, and we take measures to do so. 

KeyPay is ISO/IEC 27001:2013 certified

What does this mean? ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.

We maintain certification through extensive audits of controls to ensure that information security risks that affect the confidentiality, integrity, and availability of company and customer information, are appropriately managed.

Here is a copy of our ISO 27001 certificate.

Disaster recovery processes

At KeyPay, we ensure we have processes and checks in place to safeguard us from attacks. However, no system is foolproof. As part of our ISO certification and obligations, KeyPay has disaster recovery procedures in place to respond quickly to potential attacks. We carry out regular drills to maintain these processes. Please be aware that these procedures are confidential to ensure success.

Data hosting

Our customers’ data is hosted on Amazon Web Services (AWS). All data is hosted in the AWS Asia Pacific (Sydney) region and is PCI compliant. You can find out more here.

Data is transferred using 256bit SSL encryption and all sensitive data is encrypted on disk.

Does KeyPay support HTTPS?

All data transferred via the payroll platform is done so via HTTPS. No data is transferred via HTTP.

How often is data backed up in KeyPay?

Full backups are carried out daily and transaction logs every 15 minutes.

Are backups recovered and verified and if so, how often?

Our backups are verified and tested on a weekly basis.

What personal information is stored and how is it used?

Please refer to our privacy policy.

Cybersecurity awareness

Human beings are still the weakest link in any organisation’s digital security system. People make mistakes, forget things, or fall for fraudulent practices. That’s where cybersecurity awareness comes in and is extremely important.

This involves the process of educating employees on the different cybersecurity risks and threats out there, as well as potential weak spots. Employees must learn the best practices and procedures for keeping networks and data secure and the consequences of not doing so. These consequences may include losing one’s job, criminal penalties, or even irreparable harm to the company.

By making employees aware of the scope of the threats and what’s at stake if security fails, cybersecurity specialists can shore up this potential vulnerability.

What other steps can you take to keep payroll secure?

  • Use a password manager such as 1Password to keep passwords secure and protected.
  • Do not share your password with anyone. Ensure you use different passwords for different applications - and make sure they are strong. Password managers can help to confirm this.
  • Limit user access - KeyPay full access users can grant restricted access to other users in order to protect potentially sensitive data. Find out more here: AU | UK | NZ | SG | MY
  • Enable Two-factor authentication on your payroll account, to provide an additional layer of security and make it harder for attackers to gain access. Find out more about how to manage this in KeyPay: AU | UK | NZ | SG | MY
  • Enable Two-factor authentication on your email account. Email is a very common attack vector. The more channels you strengthen security on, the less risk of being vulnerable to a cyber attack.

If you have any questions or concerns, don’t hesitate to reach out to

Kate Brown

Marketing Manager at KeyPay

You might also like...

Single Touch Payroll Phase 2
November 26, 2021

Single Touch Payroll Phase 2: What to expect and how to get ready

Single Touch Payroll phase 2 will be mandatory in January 2022. Ensure your payroll software is STP Phase 2 compliant by the mandatory start date.
Industry Insights
This is a text post with an image of Shelley Costello. She is wearing glasses, is smiling at the camera and has pink lipstick on. The text reads: "Shelley Costello joins KeyPay as our NZ Product Specialist".
November 12, 2021

From humble beginnings in Rotorua to changing the face of payroll

Experienced NZ payroller of 27 years, Shelley Costello, joins KeyPay. Bringing a wealth of knowledge and insights, Shelley's changing the payroll game.
Industry Insights
Image of a man's hands holding a piece of paper and stapling them together. He is wearing a watch on his left wrist whilst holding the paper in his left hand, and is holding the stapler with his right hand. He is wearing a suit.
October 25, 2021

Super stapling: What you need to know

Super stapling comes into effect on 1 November 2021. This will have implications for new employees, employers and their onboarding processes.
Industry Insights
Automation illustration

Not using KeyPay yet?

Try it free for 30 days

Learn more