If you’re using the HMRC “PAYE Tools” product, you probably haven’t realised that everyone in your company can access staff pay records. At least, we didn’t until this week.
A bit of background. I’ve got a book-keeper who does my accounts, payroll, invoicing and debtor-getting. We both need access to files, but I don’t want my techies looking at our accounts or payroll records (too tempting).
So a great solution is to set up a TrueCrypt “encrypted shared drive” on the network. We have all our finance-related data on that, it gets backed up by our IT administrator, but only I and the book-keeper can see this sensitive data because it is password protected.
Historically, we’ve been using the HMRC CD-Rom to do our payroll, and because we need to both have access, we moved the HMRC program to the network. It ran fine, and all the backups were made to the encrypted drive. Job done.
It turns out the data isn’t stored in a subdirectory of the HMRC folder, but on either C:\Users\[username]\HMRC or C:\Users\Public\HMRC.
So.. we’d encrypted the application but not the data!
So.. anyone can access payroll data.
We only realised this when we installed the new payetools application to replace the CD-ROM. Despite installing it on the encrypted drive we couldn’t find the data directory anywhere. We even found a config file on the HMRC directory, but changing this made sod all difference.
After hours of investigation I have found a workaround.
Please note I accept no liability/responsibility for any errors, omissions, etc, this is entirely at your own risk.
How to store your HMRC PAYE data on a shared, encrypted drive using TrueCrypt
I’m assuming you have good computer knowledge, and you’ll have to read up on TrueCrypt etc. from their website. I’m also assuming you have installed and are running the payetools software.
- Run the payetools program, and click on the Options spanner, then on the Application Settings tab, and check the ‘Database Location’ is something like C:\Users\Public\HMRC\payetools. If it isn’t, then you will need to reinstall the HMRC payetools in custom setup mode, selecting the ‘Shared Data’ option where prompted.
- Back up your HMRC PAYE data somewhere safe (you’ll need this backup in a minute)
- Install TrueCrypt on both PCs that you want to access your data
- Create a TrueCrypt volume on a network drive (20Mb should be plenty), and mount it as an R: drive one of the PCs (Important note: you can only mount a TrueCrypt drive on ONE PC at a time)
- Create a folder on this drive called R:\HMRC, and a subfolder R:\HMRC\payetools
- Now, before you run the HMRC payetools program, open a DOS window
- Type %public%, and make a note of the file path %public% is set to now (it will probably be C:\Users\Public)
- Type setx public R:\
- Run the HMRC program – it will create a new database in R:\HMRC\payetools
- Check you are using the right data location - click on the Options spanner again, then on the Application Settings tab, and check the ‘Database Location’ is R:\HMRC\payetools
- Now restore your backup
You should be good to go now.
When you have finished using payetools, close it, then in DOS, type setx public C:\Users\Public (assuming this was the original path you got when you typed %public%)
Remember to close payetools BEFORE unmounting the TrueCrypt drive.
Remember only one person can access the TrueCrypt drive at a time.