For Patrick Lillicrap, working in payroll software is more than dollars and deadlines. Problem-solving is a critical part of the job, and something he relishes.
Key Takeaways:
- Payroll requires a keen awareness of potential cyber security vulnerabilities.
- Keep a look out for the tactics of cyber criminals both personally and professionally. The payroll industry is a particularly attractive target.
- Make it mandatory for staff wanting to update their personal details such as bank account information, to do it themselves via a safe platform.
Patrick is a functional consultant at nuuco, a Melbourne-based payroll software implementation firm that helps businesses across Australia streamline their payroll systems.
“People often say that payroll people are good with money, but I think we’re more adept at problem-solving,” he says.
“I really enjoy working out solutions for businesses that will help make their lives easier. This might be taking a company from manual timesheet submissions to an automated process via an app.”
His role requires him to bridge the gap between client needs and technical solutions, and requires a keen awareness of potential cyber security vulnerabilities.
He’s encountered the tactics of cyber criminals both personally and professionally, and says the payroll industry is a particularly attractive target.
“Whenever we do a LinkedIn post, I start getting scam emails saying ‘Hello it’s the CEO, please change my bank details’, things like that,” he reveals.

“They will try different combinations of email addresses until they get a hit. As soon as they see ‘payroll’, they will try it on. They must have a script, as it’s always the same.
“In a previous life, I worked for a not-for-profit, and they were hit by a phishing attack asking for a Bitcoin ransom.”
But he says while cyber criminals pose an ever-growing risk, nuuco is well-placed to help companies manage them.
“It is a concern,” he says.
“But because we’re designing the systems, we can give our best recommendations for cyber security and often it’s something that individual companies have to carefully consider. Internally, we have made it mandatory for staff wanting to update their personal details such as bank account information, to do it themselves via the platform we’re using.”
In his daily battle against cyber threats, Patrick remains proactive. Beyond the threats to nuuco's clients, he’s also concerned about his own personal cyber security.
He’s adopted a cautious approach to sharing information, even something as seemingly innocuous as his name.
“I was raised to answer the phone using my name as a greeting, and it is really hard to break that habit,” he says.
“But I realised it’s none of their business what my name is, so if I don’t recognise a number, I’ll just say ‘Hello’ instead of ‘Hi, it’s Pat’.
“If a scammer has my name and number, that’s two pieces of the puzzle.
“It doesn’t take much to get my voice and put it into an AI generator to recreate a phrase”, he says, explaining the potential for misuse of voiceprints.
Patrick recently completed the Cyber Wardens Foundations course, and shared it with his colleagues and CEO.