Question

Regarding Risk Assessment

Security is imperative in payroll systems. Payroll information security is about more than computer security. It covers a wide range of security measures like protecting the data or information from theft, misuse, natural disasters, social attacks, or hacking.

How can we advance the security in payroll transactions?

PLEASE MAKE COPY PASTE AVAILABLE

Answer 1

Payroll is a very important part of any company which need proper observation. When any area got related to money, the area got high priority in every aspect. Payroll is the system in which the company's employees are got paid for their job. This will be controlled by one or a group of authorities.There are different type of attacks or faulty actions happen on a payroll system. An attack can be hoped from outside the company or a miseuse from inside the company itself. Bot have to be stopped for the survival of the company.

An attacker from outside can do several type of attacks on a payroll system. Attacker can intrude to the payment portal and make false payments to attacker's accounts or attacker can pay more to a desired employee. Such attacks only be happen when attacker reached completely inside the system. This can be avoided by making the portal well secured without any vulnerabilities. The authntication process to the sysem should be enforced with maximum security by giving double authentication and all.

The next kind of attack that can expect from an attacker is breaching the database. The database will contain so much personal informations and their banking details. An attacker may access the database using a SQL injection. SQL injection is the process of injecting malicious SQL queries through the input fiels of the websites and accessing or altering the database. SQL injection is happening due to poor architecture or framework of the website. Making the system in a trusted framework and having well built database will prevent this.

The next expected malicious acitvity is from inside the company itself. The managers who are in charge of controlling the payroll system may do faulty actions. This is the most dangerous security threat that can happen on a payroll system because this will be very hard to find as the acitivities are done by company managers inside the company itself. They can make false records also to hide their manipulations. They can send money more to their accounts, to a desired employees account or even to someone outside the company showing that sucha a person is working inside the company. The only way to stop this faulty action is the supervision of top most authorities. The company CEO should be aware about transactions happening in the payroll system. CEO must check the bank statment and ensure everything is fine every month. No technological method could help here.