Payroll and HR are extremely sensitive subjects, and you should do your best to keep your employees' data secure.
Here are general practices to keep your accounts secure.
Use of Employee Portal
A standard practice is to invite employees directly to the employee portal.
By sending payslips directly to the employees' account, you are making sure that payslips are accessed by those who log in into their account using their email address and password.
See: Inviting Employees to their Employee Portal
Encryption of Payslips
In cases where sending payslip attachment is more feasible, it is strongly recommended to adopt a payslip encryption.
Encrypted payslips will require the employees to insert their Date of Birth or ID Number to access the password-protected payslip.
See: Sending Payslips to Employees
Enabling MFA (Multi-Factor Authentication)
As an additional security measure, you can enforce multi-factor authentication on either admins and managers, or even employees.
In addition to the password, users will be required to insert a 6-digit code from their Authenticator App.
See: What should I know about Multi-Factor Authentication (MFA)?
Do Not Share Accounts
Often times, we encounter users who share accounts. This creates both a security challenge, as well as making it impossible for teams to review Audit Logs.
Make sure to invite different users through their own email address.