Log In
Contact Us
Log In
Contact Us

Payroll Trust & Security Center

See how Paper Trails ensures all of our people are working to protect all of your people at all times.

PT-Arrow-Graphic

Reliable and secure payroll and HR

Paper Trails has spent 20 years (and counting) safely and securely delivering payroll and human resources technology and support to our clients. We are keenly aware of the significance of operational risk management and cyber security in today’s digital landscape. We are dedicated to regularly evaluating and enhancing our risk and security practices. Our ongoing investments in skilled personnel, effective processes, and up-to-date technologies are focused on providing reliable protection for our customers, partners, employees, and assets. This commitment to security is a fundamental aspect of our operation, ensuring that we responsibly manage and safeguard sensitive information.

Payroll services built on trust.

Our Commitment

Paper Trails employs a dedicated and methodical approach to ensuring the security of your business and employee data. We understand that in the realm of payroll and HR services, the confidentiality and integrity of information are paramount. Our strategy encompasses a multi-layered defense system to safeguard your business.

Read More

isolved's Approach

Our payroll technology partner, isolved, maintains a formal and comprehensive program designed to ensure the security of customer data, protect against security threats and prevent unauthorized access to the data of its customers. isolved's future-proof platform allow employers to continue to deliver outcomes while also limiting risk.

Read More

Testing & Training

Paper Trails places a strong emphasis on continuous staff education as a key component of its security strategy. By conducting ongoing staff training sessions on all things cyber security, we ensure that all employees are not only up to date with the latest security protocols and practices but also fully aware of the evolving landscape of security risks.

Read More

Client Education

Paper Trails recognizes the importance of not only securing our internal processes but also empowering our clients with the knowledge to protect their own data. To this end, we provide an array of resources and educational tools designed to keep our clients informed about external data security threats so they can assist in the protection of their company assets.

Read More

 

Our response to the rise in direct deposit fraud

In today’s digital world, cyber threats are constantly evolving — and unfortunately, even small businesses are now regular targets. One of the most serious threats we’re seeing right now is direct deposit fraud, where bad actors gain access to email accounts and exploit weak MFA (multi-factor authentication) settings to redirect employee paychecks.

At Paper Trails, we’ve already taken action to combat this.

As of August 2025, we’ve disabled email as an MFA option for logging into isolved — closing one of the most common backdoors hackers use to commit payroll fraud. Users will now have to use one of the following MFA options:

1. SMS
A one-time code is sent via text to the phone number listed in isolved. If an employee’s phone number is outdated or incorrect, we can help reset it.

2. Authenticator App
Authenticator apps generate rotating codes synced to isolved.

To set this up:

Open your authenticator app (Google or Microsoft Authenticator).

Tap the + or "Add" button to add a new account.

When prompted during login, scan the QR code shown in isolved using the authenticator app (not the phone camera).

isolved will now appear in the app, and users will enter a new code each time they log in.

3. Passkeys
A passkey allows passwordless login using facial recognition, a fingerprint, or a PIN. Users can register multiple devices (such as a work computer and a mobile phone). isolved will walk users through setup during login.

 

This isn’t just a technical update. It’s a proactive move to protect your employees, your business, and the sensitive financial data you entrust to us every day.

We’re also:

  • Educating clients and their teams on how to spot fraud attempts
  • Continuously training our staff on the latest cybersecurity risks
  • Monitoring fraud trends across our network and adjusting protocols in real time

Your trust is everything to us. These updates are part of our ongoing investment in keeping that trust secure. Read more here.

 

chris

The most important service Paper Trails provides is protecting and accounting for client funds as well as holding in strict & secure confidence all personal and private data.

Chris Cluff, President

Our commitment to your security.

Paper Trails’ approach to security is both dedicated and systematic, ensuring the utmost protection of your business and employee information. Our strategy is comprehensive, addressing various aspects of data security in the payroll and HR services sector.

What's Included?

  • We implement a robust defense system layered with advanced security measures. Here at Paper Trails, we keep all of our internal systems and firewalls up to date. We have significant email security software, including our secure email platform, that assists in preventing private data from being sent via unsecure email. Our firewalls also feature intrusion prevention and detection software to assist us in preventing a breach.

  • At Paper Trails, we implement stringent controls and continuous monitoring to safeguard sensitive client data. Our system utilizes role-based access protocols, ensuring that only authorized personnel can access specific sets of data. This approach is crucial in maintaining the confidentiality and integrity of client information. Further, dual controls are used for access to client funds and access to critical data systems. Our IT team constantly monitors access logs, enabling us to swiftly identify and respond to any instances of unauthorized access. This vigilant approach to access control plays a vital role in our comprehensive data security strategy.

  • To maintain and enhance our security posture, Paper Trails conducts periodic audits that serve as a critical component of our security strategy. These audits are instrumental in assessing the current state of our security systems and processes, allowing us to identify any potential weaknesses. Following each audit, we take proactive steps to implement necessary updates and enhancements. This systematic approach ensures that our security measures are not only up-to-date but also effective in countering emerging threats, thereby fortifying the overall protection of our client's data.

  • Direct deposit fraud is on the rise, and it’s impacting businesses of all sizes — including small employers right here in Maine. Hackers are targeting employee email accounts, gaining access to login credentials, and changing bank account information inside payroll systems, rerouting paychecks before anyone notices.

    At Paper Trails, we take this threat seriously. We’ve responded with a series of preventative measures to help protect your business and employees from this type of fraud.

    What We’re Doing:

    • Removed email as an MFA method.
      Email-based authentication is no longer supported for isolved logins. Hackers frequently exploit email accounts to bypass MFA and change direct deposit settings. We now require stronger MFA options like SMS, authenticator apps, or passkeys.

    • Staff education & alerts.
      Our internal team receives regular security training and real-time fraud updates to stay ahead of emerging threats.

    • Client alerts and guidance.
      When fraud patterns are detected across our network, we notify clients and share immediate, actionable steps to reduce risk.

    What You Can Do:

    • Verify every direct deposit change face-to-face.
      Before processing a request, confirm it verbally or in person with the employee. Don’t rely solely on email.

    • Encourage employees to watch for login and change notifications.
      If an employee receives a message about a password or MFA change, or direct deposit update they didn’t make, they should report it immediately.

    • Use secure passwords and MFA.
      Remind your team not to reuse passwords between systems and to enable stronger authentication wherever possible, including email providers.

    • Use direct deposit workflows.
      Ask us about setting up a direct deposit approval workflow where selected managers must approve any direct deposit changes before they go live.

    • Report suspicious activity.
      If anything looks off, contact your Paper Trails payroll processor right away. We’re here to help investigate and secure your account.

isolved's approach to safety.

Our payroll technology partner, isolved, is deeply committed to ensuring the highest standards of security and integrity. Recognizing the critical importance of protecting sensitive information in today’s digital landscape, isolved has established comprehensive and robust security measures. This program is designed to safeguard customer data against various security threats and unauthorized access, reflecting an ongoing commitment to protection and compliance with regulatory standards.

What's Included?

  • isolved maintains a thorough and formal program dedicated to the security of client data. This program includes measures to protect against security threats and prevent unauthorized access to customer data. A significant aspect of this program is a continuous review process conducted by third-party auditors, ensuring ongoing compliance and effectiveness.

  • The security program of isolved, in collaboration with its cloud service provider Microsoft, is based on the Statement on Standards for Attestation Engagements (SSAE) 18, a standard set by the American Institute of Certified Public Accountants (AICPA). The completion of the SSAE 18 audit, including the annual SOC 1 Type 2 report, provides companies with confidence in isolved's products. This report covers various aspects of isolved's offerings, including the SaaS platform, payroll and tax filing services, and legacy Timeforce II SaaS solutions.

  • The isolved application features a multi-tenant SaaS architecture, ensuring data segregation and security at multiple levels. This includes role-based access controls down to the employee level and two-factor authentication for additional security. The logical access within the isolved platform and its data centers is stringently controlled, adhering to best practices in security.

  • To further enhance security, isolved has implemented automatic detection and response measures for compromised passwords:

    • Automatic Detection: isolved continuously scans a third-party database of known breached passwords (often found on the dark web). If a user's password is detected in a breach, the system automatically flags it.
    • Mandatory Password Change: Users with compromised passwords must update their credentials immediately upon their next login. isolved will guide them through a secure password reset process to protect their account.

    By proactively detecting and mitigating security risks, isolved ensures your payroll data remains safe, private, and protected at all times.

Consistent staff training.

At Paper Trails, we understand that a well-informed team is crucial in maintaining robust security measures. Therefore, we place a significant emphasis on continuous staff education, making it a central pillar of our security strategy. Our approach involves keeping our employees fully up-to-date with the latest developments in cybersecurity and equipping them with the knowledge and skills necessary to effectively safeguard client data.

What's Included?

  • We consistently conduct comprehensive training sessions to ensure that all staff members are well-versed in the latest security protocols and practices. These sessions are designed to keep our team abreast of the continually evolving landscape of security risks.

  • Our training covers a wide array of topics critical to data security, such as the newest phishing tactics, effective password management best practices, and the principles of maintaining data confidentiality. We test each employee with phishing and vishing attempts to keep them alert and aware. This diverse range of subjects helps in building a well-rounded understanding of cybersecurity among our staff.

  • To enhance practical understanding, our training sessions incorporate discussions on case studies and real-world scenarios. This approach not only bolsters our team's ability to identify potential security threats but also prepares them to respond promptly and effectively.

Client facing educational resources.

Paper Trails is dedicated not only to securing our internal processes but also to empowering our clients with the essential knowledge to protect their own data. We understand the importance of a collaborative approach to security, where both service provider and client are well-informed and prepared to tackle security challenges.

What's Included?

  • Our clients have access to an extensive range of materials including regular newsletters, detailed guides, and blog articles. These resources cover a broad spectrum of topics including best practices in data security management, ensuring our clients are always informed about the latest developments in data security.

  • All these educational materials are conveniently available through our website. This ensures that our clients can easily access and utilize these resources at their convenience, staying informed and prepared against potential security threats.

PT-Arrow-Graphic

Real businesses. Real solutions.

person-4

From start to finish, the team at Paper Trails keeps my finances in order in a professional and fun way.

Dr. Tim Coffin, Slocum Chiropractic

person-1

The team at Paper Trails keeps my employee experience in line so I can focus on what we do best, digging holes and mowing lawns.

Brian Cloutier, Greenscapes of Maine

Company

Support

Social

207.721.8575

10 Main Street, 2nd Floor Kennebunk, ME 04043

1 Bowdoin Mill Island, Suite 302 Topsham, Maine 04086

Copyright © 2025 Paper Trails. All rights reserved.