Cybersecurity: Together we've got it covered

Jessica McLean
September 2, 2025

Running a small business means wearing many hats – and now cybersecurity is one of them. Don't worry though, you're not in this alone. When you use PaySauce, we work together to keep your data protected through what's called a "shared responsibility model."

Think of it like renting an apartment: your landlord keeps the building secure, but you still need to lock your door.

Here’s an introduction to shared responsibility with PaySauce, and what it means for the secure storage of personal data. 

How we protect you (our responsibility)

We're like the security guards for the building. Here's what we handle so you don't have to:

Platform security & infrastructure
  • Secure cloud storage: We store your payroll data in protected cloud facilities that meet strict security standards – think of it as a high-tech vault that's more secure than any filing cabinet.
  • Network protection: Our systems have firewalls and DDoS protection watching for threats 24/7.
  • System updates: We automatically update our software to fix security issues and keep everything running smoothly.
  • Data protection: Your employee and payroll information is encrypted and backed up automatically.

Security tools
  • Multi-factor authentication: We provide extra security for you to use on your account.
  • Access controls: Roles and permissions to ensure that people only see what they need to see.
  • Monitoring and alerts: We watch for suspicious activity and will let you know if something looks wrong. We also alert you to things like login attempts so you can quickly spot if someone is trying to access your account.

Operational security
  • We keep contact information up to date to ensure we’re only speaking to authorised people for a PaySauce account
  • We won’t discuss payroll matters with employees - only with employers
  • We have strong internal security practices and ongoing awareness programmes for PaySauce staff, working with trusted advisors like Trusthound

Keeping your payroll secure is really important to us. If you encounter measures such as our Support team verifying your identity or requesting authorisation from specific people, that’s us working to safeguard your information.

How you protect yourself (your responsibility)

In our apartment analogy, you're the tenant who needs to lock their door.

Here are the key things that are up to you:

Manage who has access
  • Create and remove user accounts as needed - review access regularly to check who in your business has accounts and what they can access.
  • Keep contact details current – tell us immediately when authorised contacts change.
  • Give people only the access they need – only give people access to the data they need and for as long as they need it.
  • Use good password creation and sharing practices - avoid creating insecure passwords for new users by using the ‘send email’ option instead. If you must set a password for a new user, don’t create a simple or re-used one.

It is not uncommon for us to see accounts left active after people have left. Employee accounts are automatically de-activated when you terminate an employee; however, employer or manager accounts are not. In some cases we have seen, ex-employees who had administrative roles could still see payroll information months later. Always remove access immediately when staff leave. It is best practice to review all tools and systems that your employees may have access to and go through a checklist for each person who leaves.

Keep your data secure and accurate
  • Enter employee information correctly – wrong tax codes or bank details cause problems for everyone, and the wrong email entered could mean a payslip going somewhere it shouldn’t.
  • Update payroll details promptly when employees change roles, rates, hours, etc.
  • Secure any reports you download – don't leave payroll reports sitting on your desktop or in unsecured email. Consider if you really need them automatically emailed at all or if you could just run them as needed from PaySauce.

Think of it as though we provide you with a secure filing system, but you're responsible for what goes in the files and who can see them.

Secure your own devices and accounts
  • Keep your devices secure – update computers and phones regularly, ensuring they’re up to date with the latest versions.
  • Use 2FA - we have provided the ability for you to turn on multi-factor authentication for your PaySauce account, and turning this on keeps your account even more secure.
  • Use secure networks – be careful with public Wi-Fi and other unsecured networks.
  • Don’t reuse passwords - use strong, unique passwords. Definitely don’t reuse a password that you use for lots of personal accounts on systems such as payroll, accounting, or internet banking.

Use a strong, safe password manager to create and manage strong unique passwords across all of your accounts and systems. Credential stuffing is when cybercriminals take usernames and passwords stolen from one website (like a social media site that got hacked) and automatically try them on thousands of other websites – including your business accounts. It is way more common than you think!

Red flags

Callers saying they are from PaySauce, especially if they’re asking for your password or for you to transfer funds unexpectedly. While our team may call you from time to time, especially if something has gone wrong with a payment, we’d always issue you with properly identifiable confirmation via email and we would never ask you for your password. If you’re unsure, you can hang up and call 0800 746 700 to be sure you’re speaking to PaySauce. 

Emails about attempted logins when you weren’t trying to log in - change your password immediately. We also recommend setting up 2FA.

Employee requests

Always verify employee requests: impersonating an employee has been a common scam for many years, and sadly these attempts are getting more frequent and more sophisticated. It is common for scammers to email employers pretending to be an employee and asking for the bank account their wages are paid into to be updated.

Sadly, a PaySauce customer had this happen recently and it was done in a very sophisticated way - someone had impersonated their employee by both phone and email over multiple communications. 

We recommend that you always either:

  • Confirm requests with an employee in person or by phone - you should call or text the known number you have for an employee.
  • Ask employees to update their own bank account details in the PaySauce app (remember, they need to keep their account secure too!).
  • If the employee can’t update the information in PaySauce for some reason (e.g. if they do not have a smartphone) create a simple paper form that employees must complete and sign for bank account detail changes, to keep them and you safe.

Bottom Line

We've got your back on the technical stuff, but your daily habits matter too.

It's like running any business – we provide you with a secure, reliable payroll system, but how you use it makes all the difference. You wouldn't give everyone the keys to your cash register or leave sensitive employee files lying around. The same common-sense approach applies to using PaySauce.

The good news? Most security practices are just good business habits. Strong passwords, careful sharing, and keeping information up-to-date protect you both online and offline.

Remember: we're partners in keeping your business safe. We handle the complex technical security and compliance requirements, and you handle the smart everyday practices. Together, we've got this covered.
