This article has been updated with new links to UKG communications on the outage.
Kronos Executive Vice President Bob Hughes released a statement on December 13, informing Kronos Private Cloud customers that service would be disrupted for several weeks due to a cybersecurity incident. Hughes said, “Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions.” The affected tools include UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions. Customers with on-premises services are not affected.
The system outage is due to ransomware, and while it has not been confirmed, several outlets are speculating that it is linked to the Log4j Zero Day Exploit first reported on December 10. That vulnerability within the Apache Log4j 2 open source logging system has been linked to a growing tally of ransomware attacks.
A major pain for payroll officers
An outage of HR solutions that will last weeks could mean the lack of access to critical human resources data that ensures that the business runs and its employees are paid, including time tracking and scheduling software. And because the outage happened when many companies were running their payroll to pay out on December 15, payroll officers will be scrambling to restore time clock information that they lost access to. If the company has not backed up their HR data to a separate cloud or on-premise database, this could be a time-consuming and frustrating endeavor.
Looking to the next few weeks without time tracking and scheduling software, companies will need to build work schedules and attempt to recreate much of the personal data stored for each employee, including time off requests, banking information, addresses, and contact information.
How should Kronos Private Cloud customers react?
Many companies will resort to building schedules on paper or spreadsheets in the short term, but as Kronos pointed out in their statement, in order to get back to business as usual while also protecting private personal information, companies will need to implement one or more software systems to gather and store information.
At minimum, companies will need:
- a human resources information system to gather addresses, banking, and contact information
- a time tracking and scheduling software to recreate schedules
- a payroll system to get their employees paid
While companies could implement a full-service HCM tool similar to Kronos, the length of time it would take to implement these tools, customize the software, and ensure full coverage for the entire enterprise can take months — and that’s with the careful planning and project management provided by a scheduled software implementation.
Companies reacting to a ransomware attack need to move quickly. Best-of-breed, standalone software with native integrations to other third-party HR software can patch up the gaping data hole left by Kronos. Bonus points if the software includes a self-service portal where employees can enter their data securely and privately, saving HR team data entry time that can be better used getting schedules back to normal.
Also Read: The best HRIS software