The human resource management company, Ultimate Kronos Group recently fell victim to a ransomware attack. Unfortunately, one of its cloud-based time and attendance systems was exploited by hackers. They announced that this outage may end up lasting several weeks.
Organizations that rely on the company to pay employees are scrambling to figure out how to process payroll. This includes manual calculations and paper checks- something that many people have not done in years or perhaps ever.
The attack has now affected about 2,000 organizations that use their cloud-based software only. The organizations affected include government agencies, universities, banks, emergency organizations, and many other large sectors.
Some employers are even choosing to issue generic paychecks to compensate their employees for a general amount- rather than the actual hours worked. They plan on eventually correcting these calculations when they have had more time.
It is still unclear how the attackers managed to pull this off. However, the attack took place shortly after news broke regarding a major vulnerability in a piece of software called Log4j. The software is often used with the programming language Java and the flaw makes it easy for a hacker to take over a device or system, remotely.
Moreover, Java is the most widely used programming language in the world and this type of threat should not be taken lightly.
In light of the pandemic, many companies are shifting to remote work and are proving to be more vulnerable to phishing scams than ever. These arrangements can put networks at high risk for cyber security threats. This is because connections from home may not be as secure as the ones at a physical workplace location.
HR, and Finance departments are prime targets since they are privy to the most confidential information. Businesses can also be more susceptible during holiday and tax seasons. However, we always advise being skeptical of suspicious emails year-round.
First, what are phishing scams? As defined, “a cybercrime in which a target or targets are contacted via email, telephone, or text message by someone posing as a legitimate and reputable institution or person to persuade individuals to reveal personally identifiable information, banking, and credit card details, and passwords.”
In other words, you may receive a notification asking for sensitive information through:
from someone that could be posing as a coworker, a boss, a friend, a family member, even the IRS. This is also known as a business email compromise/business email spoofing (BEC/BES).
These emails are generally impersonating a real company employee or executive. They usually target individuals that have the authority to authorize the release of the information that they are seeking. For scenarios 1 and 2 listed above, the thief posing as the employee/executive will provide the new bank account information making it a seamless crime.
HR departments are often a prime target due to their access to sensitive data. However, there is no real target industry or type of employer that hackers/scammers are contacting. This is relevant to all types of businesses whether you manage or own a hotel, restaurant, medical practice, construction company, etc.
You might be questioning how to tell if the email you receive is false. Don’t worry – there are several subtle clues to look out for. Make sure to read the email carefully before following through with the request. Often, email scams contain grammar and spelling mistakes within the body.
For examples of what BEC/BES may look like, check out the IRS alert here.
If a scammer has been able to compromise an executive’s email account, the domain would look almost identical. A spoofed email domain could look like any of the following:
If any links are present, you can hover over them to verify whether the URLs are safe before clicking. Usually, if the website is unrecognizable or if the “http” lacks an “s” – “http://” vs “https://”, this may be a cause for concern.
If you notice any of these subtle clues, refrain from clicking any links or responding. Notify the sender through different means to confirm whether they sent you the email.
For other preventative steps to take when it comes to email communication, read our blog on email encryption.
Get expert HR and payroll assistance. Contact Payroll Systems and let one of our payroll specialists walk you through our easy-to-scale solutions for your business.
As an employer, you understand the need for worker’s compensation and may have heard of the term “pay as you go" workers comp So, what is it Is this something you need to consider Pay...
TriNet, a provider of human resource products has recently announced that they will acquire Zenefits Zenefits is a cloud-based HR platform and software company Upon completion of the acquisition,...
The US Immigration and Customs Enforcement (ICE) is extending the temporary policy that allows employers to inspect Form I-9 documents virtually through April 30, 2022 Originally, the policy was...
IRS Forms 1095-C & 1094-C were designed as a way to track the requirement set by the Affordable Care Act (ACA) in which employers must provide healthcare coverage if they have 50 or more...
On Friday, January 7th, the Supreme Court held a special hearing to address the OSHA vaccine mandates However, it wasn’t until January 13th that they decided to officially block the mandate...
American pharmaceutical and biotechnology corporation, Pfizer has signed an acquisition agreement with clinical-stage company Arena Pharmaceuticals The agreement stands at about $67 billion and...
This article provides general information and shouldn’t be construed as legal or HR advice. Since employment laws may change over time and can vary by location and industry, please consult a lawyer or HR expert for advice specific to your business. You can also contact Payroll Systems to inquire about our HR support services.