Cyber crime

AP Teams Under Pressure Following Payroll Attack

Niek Dekker
5 Min

Any attack on payroll automation systems can leave Accounts Payable teams reeling, and unable to maintain best-practice payment controls.

Learn how automating your supplier verifications can free up AP staff to focus on other urgent matters as they arise, without compromising payment controls.

If there’s one way to undermine staff motivation, delayed payroll will certainly do the trick.

Nothing is likely to upset staff more than not receiving their salary when expected. It can result in severe financial hardship, with employees unable to meet their financial obligations, including mortgage repayments, keeping up with rent or utility bills, or even paying for groceries.

Miss a payroll run, and you can expect to be inundated with calls and emails from anguished staff, desperate to know when they can expect to receive their salary.

Who is responsible for payroll?

In many organisations, Human Resources takes primary responsibility for preparing payroll files. This makes a great deal of sense, given that HR typically has responsibilities across recruiting and onboarding staff, overseeing working hours, performance reviews, setting salaries, bonuses, and other employee benefits. Usually, HR also has deep domain expertise when it comes to employment law, so they know what the organisation needs to do to meet its legal obligations.

It therefore makes sense that HR should take the lead when it comes to preparing payroll files.

However, an organisation’s Finance department also has an important role to play. Finance must make sure payroll files are processed accurately, and need to have thorough awareness of reconciliations and tax requirements.

That’s why payroll is, by necessity, a joint HR and Finance responsibility.

The benefits of payroll automation

Managing payroll has increased in complexity over recent years. It’s about much more than simply paying salaries. Organisations need a way to accurately and efficiently manage staff joining or leaving, promotions and demotions, leave entitlements, superannuation contributions, bonuses and commissions, changes to working hours, fringe benefits, and special loading requirements. Keeping up with employee data is also a constant challenge, whether staff regularly change address, update bank account details or a range of other data points.

Get it wrong and company directors could find themselves personally liable for any payroll errors. It could result in legal proceedings against them.

That’s why many organisations are embracing payroll automation. It allows the organisation to streamline many of the payroll processing tasks. By automating many tasks that had previously been manual, the organisation can benefit from significant efficiencies.

Payroll automation software can help the organisation generate accurate payroll files and reports, calculate and file taxes, and process direct deposit payments to staff. Without payroll automation software, all these tasks would need to be handled manually, using up valuable HR and Finance department resources.

What happens when payroll automation fails?

For Finance departments, having payroll automation software allows the staff to focus on other important business priorities. However, when payroll automation software fails, it can create havoc for Finance teams.

Cyber-attackers are increasingly targeting payroll automation software. Due to the fact that these systems often store significant volumes of highly valuable data, including confidential employee records, as well as extensive financial and banking information, payroll automation software is now on the radar of many malicious actors.

The recent case of Frontier Software, a payroll software provider, demonstrates the extent of the problems that can occur when such systems are attacked.

On 13 November 2021, Frontier Software was taken offline by a ransomware attack. The incident not only impacted Frontier Software, but also hundreds of their customers across Australia, including the South Australian government, which claims the personal details of 80,000 South Australian public servants were compromised.

Organisations that rely on Frontier Software have gone into disaster recovery mode. Their Accounts Payable teams are facing the prospect of having to process hundreds, if not thousands, of employee wages manually.

The attack even prompted Federal Group, Tasmania’s largest private sector employer, to make urgent $250 advance payments to hundreds of staff, until the full payroll could be processed.

Payroll automation attack creates major headache for Accounts Payable

For Accounts Payable teams, a payroll automation attack can be a nightmare scenario.

Depending on the nature of the attack, it could take weeks before systems are fully restored. Many ransomware attacks cause irreparable damage to computer systems. Employee data may be permanently lost.

Accounts Payable teams can expect to be run off their feet dealing with employee queries, trying to make emergency payments to staff, whilst trying to access data in backup systems.

In the meantime, all the other tasks that Accounts Payable teams should be focused on will get neglected. There will likely be significant delays when it comes to processing supplier invoices, and maintaining best-practice payment controls will become almost impossible.

How can eftsure help?

When disaster strikes, and Accounts Payable teams are struggling to return to business-as-usual operations, the last thing you need are fraudsters looking to take advantage of the situation by engaging in payment redirection scams.

Sophisticated fraudsters deliberately target organisations they know are under significant stress. With AP staff busy dealing with the fallout from a major cyber incident, they understand that invoice controls may not be adhered to strictly. This increases the risk of AP staff inadvertently paying a fake invoice sent as part of a Business Email Compromise attack.

However, with eftsure sitting on top of your accounting processes, fraudsters will not succeed in their efforts, even when your AP team are rushed off their feet.

Our unique fraudtech platform is able to automatically verify all outgoing payments in real-time, against a database comprising over 2 million Australian organisations. This reduces the need for time-consuming manual controls, allowing your AP staff to focus on other urgent tasks, such as the fallout of a payroll attack.

Reach out to us today to understand how your Accounts Payable function will benefit from the adoption of automated supplier verifications.

Daniel Hareb
As eftsure's Regional Business Director, Daniel is committed to helping Australian organisations stem the rise in fraudulent and erroneous payments. His extensive background as a Chartered Accountant specialising in auditing for KPMG gives him a unique perspective into the risks many organisations face, and the strategies they need to implement in order to protect their financial assets.

Related articles

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.