Star Wars stormtrooper figure standing guard next to a laptop computer

How HR Leaders Can Support Cybersecurity in a Ransomware World

January 06, 2022 Information Management
Lance Haun
By Lance Haun

Less than two weeks before Christmas, a cybersecurity disaster struck users of UKG’s Kronos Private Cloud services. A ransomware attack left systems like UKG Workforce Central, UKG TeleStaff, Healthcare Extensions and Banking Scheduling Solutions crippled. 

These solutions serve both public and private sector employees, with high concentrations in public safety, healthcare and financial services. Companies affected by the cybersecurity breach were mostly using the Kronos applications for time tracking, scheduling and payroll purposes. For healthcare talent leaders in particular, it was a lump of coal in their stocking after a particularly brutal year.

The shake-up led to companies following a variety of contingency plans, including manual time tracking and scheduling and using new payroll systems. Some companies with Christmas payrolls imminently due made the choice to average employee pay and make any corrections once the system is restored. 

At the time of this writing, UKG is slowly getting services restored. Today still, the company's leaders remain forthcoming about the status of the restoration. It’s still unclear whether the ransomware attack had anything to do with the Log4J security vulnerability, but UKG isn’t some new company with relaxed cybersecurity procedures. 

Until there’s more information, it seems wise to assume that what happened to Kronos Public Cloud isn’t just a cybersecurity failure at UKG. Any potential zero-day vulnerability could likely wreak havoc if it affected any significant cloud environment.

Cybersecurity Contingency Plans

Those using systems unaffected by the attack may be breathing a sigh of relief. I know I would. But it can’t stop there. 

Companies need to take a look at all of their current critical people systems and revisit their contingency planning. Are they up to date? Do they cover all critical systems? Does everyone know where to find the information on those contingency plans? How hardened are the plans for different outage scenarios? For example, what is the contingency for a service outage with one particular solution versus a disaster outage with no internet access at all?

For many organizations affected by the ransomware outage, there unfortunately wasn’t clear planning done. While an outage of this significance means more work for everyone, not having a plan adds additional stress and uncertainty on everyone.

Some organizations, for instance, may use a third-party payroll provider for these services, but it is still the organization’s responsibility to pay its people. That means that for some systems, there is a legal obligation to be better prepared. Best-faith efforts can make a significant difference in times of crisis.

Related Article: Protecting Data Against the Rising Tide of Ransomware

Teaming Up for a Cybersecurity Solution

Even the best contingency plan won't prevent future cybersecurity incidents. Cybersecurity today isn't about preventing attacks but about how quickly the company can identify a breach, respond and restore services. It's about resiliency.

As cloud solutions have become the norm in the digital workplace, the need for HR leaders to engage a CIO, CISO or other IT expert on a company's cyber resilience isn’t seen as foundational as it once was. But for those who haven't been as involved in recent deployments, now may be a good time to revisit the landscape and measure any potential risk against the systems they have in place today.

Most enterprise HR leaders use dozens of solutions on a day-to-day basis. Prioritization is key to making the best use of time for both HR and IT. One HR leader told me his company only looks at systems that house critical employee and dependent personal information or systems that could lead to severe business disruption. This enabled them to skip the evaluation of their third-party people analytics tool because of its limited ability to pull personally identifiable information. While a hack of that system wouldn’t be great, the risk would be more limited than, say, a payroll system. 

IT leaders will also be keen on a solution provider’s own contingencies. Do they have failover systems? What sort of backup cadence do they have, and what’s the timing for getting systems patched and up again after a disruption? A seasoned CISO, CIO, IT leader or other experienced security professional will be able to dive into those challenges. 

Related Article: Does Your Organization Need a Chief Data Officer? Probably

Act Soon, But Don’t Panic Buy

If anything, the UKG ransomware attack has given everyone the talking points needed to prioritize critical areas in 2022. So, unless a company is in the midst of an actual business disruption, there’s no need to go out and grab the first solution available. 

Instead, working with a broad team of IT, HR and operations leaders will help ensure that any new solution selected will take care of both business and people needs, while also being secure. This can also be a great opportunity to update neglected, outdated systems that aren’t meeting the needs of the business anyway. 

With the shift in the workforce to more hybrid and remote environments, threat vectors have increased (or at least changed). The changes brought on through the pandemic have given HR and IT the opportunity to work together and create the next generation of solutions for their workforce.

But none of that matters if critical information is compromised or key systems are down for weeks. The time to collaborate and work to secure and upgrade solutions is now. There might not be another opportunity like this for years.

About the Author

Lance Haun lives life at the intersection of people, work and technology. He's currently a practice director of strategy and insights for The Starr Conspiracy and a contributor for Reworked and


Featured Research

Related Stories

Gold padlock on worn-out blue lock

Information Management

Mitigating the Risk to Personally Identifiable Information in Unstructured Data

Top of building sticking out of the clouds into clear blue sky

Information Management

How Hybrid Cloud Is Enabling the Digital Workplace

graffiti on the wall reading: "trust your struggle"

Information Management

Why Organizations Still Struggle With Deploying AI

Digital Workplace Experience Q4: October 12-13, 2022

DWX22 - Q4