Cybersecurity meets payroll: Protecting sensitive employee data

September 16, 2025

Sara Maginn Pacella

While people often discuss the exciting potential of artificial intelligence (AI), there are also consistent concerns among those adopting or considering the adoption of AI systems. A recent report from McKinsey reveals that “top concerns [surrounding implementation of AI systems] are cybersecurity, privacy, and accuracy.” Protecting sensitive employee data has always been a top priority for human capital management (HCM) professionals, although AI is shifting approaches to data protection.

Siloed uses of AI across an organization can increase the risk to sensitive information, particularly when departments adopt AI at different rates and with varying terms of use and when guidelines have not yet been established.

HCM Podcast

Produced with Google Notebook LM Using AI Narration

Payroll cybersecurity meets AI

Rachel Guinto is a leader in the field of cybersecurity. She has over 20 years of experience in cybersecurity related to institutions and the financial industry. She shared her insights and expertise on AI and data security with HCM Dialogue.

Employee concerns about AI and security go beyond survey sentiments. They impact everyday work lives. Guinto reiterates that AI is a catalyst pushing organizations to become more vigilant about data security, quality, and privacy. She says, “Increasingly, [organizations] need to be sure about where sensitive data lives, how it’s being protected and who has access to it.”

In terms of actionable solutions for ensuring secure payroll systems, Guinto suggests prioritizing labelling data to identify its classification, which enhances an organization’s ability to restrict which data AI has access to. She says, “In addition to monitoring and alerting for data moving outside the organization, it is becoming important to know how data is moving within an organization and what data AI has access to via the internal user’s access.”

A critical eye to protecting sensitive data with AI security tools

For Guinto, one of the main benefits of AI-enabled security tools is their ability to consume and process more data than their human counterparts. This could lead to the discovery of behavioural patterns not previously identified, enabling security teams to enhance their threat hunting, alerting and monitoring capacity. This saves time for security teams and can help in developing playbooks, procedures and use cases. This gives security staff more time to focus on fine-tuning security solutions to protect data and to mature their overall program.

” as a best practice, access to information should follow the principle of least privilege, including access to the database, infrastructure and payroll application. ”

Best practices in secure payroll systems with machine learning and AI

cybersecurity

Guinto emphasizes the importance of security with multiple layers of controls, whether your security tools are AI-enabled or not. She says: “Security programs should ensure that the supporting platform is hardened [defined as locking down a security system to reduce the number of potential access points, reducing its overall vulnerability], the payroll system is kept up to date and free of application vulnerabilities, and the network is secured from external threats.”

She also states that, as a best practice, access to information should follow the principle of least privilege, including access to the database, infrastructure and payroll application.

The principle of least privilege is an information security concept that a person or entity (this includes AI programming) should only ever have access to the data, programs and resources required to complete their assigned task and nothing more. Organizations that do not apply this principle create what is known as “over-privileged users or entities,” which increases the likelihood of system, data and overall security misuse.

Implementing this principle involves setting up role-based access control. In terms of how sensitive information is secured, Guinto says, “Privileged access should be locked down more strictly, ideally using a just-in-time check-in and check-out process in addition to requiring two-factor authentication for login.” An example of multi-factor login and security would be a login password, fingerprint verification and the corporate computer used having a digital tag specifically assigned by the company.

Data integrity is cybersecurity

Guinto reiterates that data quality and integrity are equally important to protecting the privacy and security of employee data. “Whenever reporting or decisions are dependent on high-quality data, security controls and processes should also support protection of data integrity.” She adds that any output produced by AI should be verified for accuracy. “While employee data has importance to the employees themselves, many organizations rely on the data to manage compensation, federal and provincial tax and benefit reporting, along with multiple other facets of human resources.”

Conclusion

Different departments within an organization must maintain regular communication to harness the full potential of AI and ensure data security. HCM professionals and all departments must work in stride with their information technology and cybersecurity teams to ensure emerging risks, privacy regulations and opportunities are routinely addressed and anticipated.

What are your thoughts on

“Cybersecurity meets payroll: Protecting sensitive employee data ” ?

discuss below.

Sign Up Today! HCM DIALOGUE is more than just a news source – it’s a place for Finance, HR and Payroll professionals to come together and share their expertise.