Protecting Your Accounts Against Cybercrime
Cybercriminals sometimes target SimplePay accounts by using passwords stolen from other platforms. Once they gain access, they may attempt to submit fraudulent information update requests to employee banking details, or make unauthorised changes to employee accounts.
SimplePay's systems are secure – our database is completely isolated, and all passwords are stored with irreversible encryption. Accounts can be compromised, however, when users' passwords are stolen from external platforms.
Reviewing user access
SimplePay sends Account Owners and Admin users with full access a monthly notification when any users on the account have been inactive for 90 days or more. Regularly reviewing and removing unnecessary access reduces the risk of unauthorised account activity. See the User Access Review Notifications help page for more information.
Recommendations¶
To reduce the risk of fraudulent account activity:
- Make 2-Factor Authentication (2FA) mandatory for all users on your account. More information is available here.
- Ask all users to reset their passwords to strong, unique ones that are not reused on other systems.
Review and verify any information update requests directly with employees before approving them. Also, encourage your employees to report any unexpected or suspicious notifications to you immediately.
Additionally, double-check employee details. This can be done in the following ways:
- When you finalise payslips in bulk, the system displays a pre-finalisation page that shows you which employees have had their account details changed, if any.
- When finalising payslips individually, you can view any recent changes under employees' Recent Activity.
- The Employee Changes report shows all employee record changes across your account.
Password best practices
Users on your account should set complex passwords, avoid reusing passwords across systems or reusing previous passwords, and reset passwords periodically.