An ongoing service outage at HR vendor UKG that affected timekeeping and payroll software has some employers scrambling, and others viewing business continuity plans in a new light.

The company reported last week that a ransomware incident took several of its Kronos-branded services offline and that "it may take up to several weeks to restore system availability." In a statement, UKG's CEO recommended clients implement alternative business continuity protocols.

"It's going to be a big deal for some companies," Elizabeth Chilcoat, an associate at Sherman & Howard, told HR Dive. Employers must take a rapid response: "This is all hands on deck to identify what the issues are and solve them."

HR departments that typically rely on automation for the affected tasks may need to bring in temporary aid, Chilcoat said; "It's a horrible thing to happen this close to the end of the year when people are wanting to take time off [or] winding down a little bit."

At the same time, the outage is "a sober reminder" of the importance of backup plans for automated HR functions, Kevin Jackson, an associate at Foley & Lardner LLP, wrote in a blog post for the firm.

Employers scramble

The disruption involved Kronos scheduling, timekeeping and payroll products. It sent some employers scrambling to ensure employees are paid properly and on time, NPR reported — both for employee needs and for compliance with wage and hour laws.

Individuals identified as UKG customers comment on the company's website.

Retrieved from UKG on Dec 20, 2021

New York's Metropolitan Transportation Authority, for example, said in a statement that it was working with payroll and timekeeping experts to identify alternatives and ensure employees still receive their pay, The New York Post reported.

Others seemed to have a continuity plan ready to go: A Texas hospital told local media that it was activating existing procedures.

Then there are those focused on stop-gap fixes. The University of Utah, for example, told workers that while paychecks will be issued on schedule, "there may be adjustments at a later date to reflect corrections as needed," possibly an indication that it will opt for a route Jackson highlighted: computing wages owed based on posted schedules, past payroll cycles or badge swipes, and adjusting payments as soon as the correct work hours can be determined.

Others might try to migrate data to a new platform, if they have the relevant data available. Kronos competitor Deputy, for example, announced it would offer its services free to Kronos clients for the duration of the outage.

Immediate needs

Regardless of the path chosen, affected employers should immediately ask employees to report hours worked, if that information was lost, Chilcoat said. People's memories will degrade as time goes on, so it's best to act quickly, she explained. And employers should maintain a backup reporting method until the outage is resolved. Paper time sheets are just fine; what's of utmost importance is accuracy, she said.

Employers also must immediately gear up to survive multiple payroll cycles on their own, Chilcoat said, citing Kronos' projected timeline for getting back online. Some companies will be able to continue running direct deposit, she said, while others may have to turn to conventional checks. While federal authorities only require "timely" pay, many states have hard deadlines, she pointed out; "You don't have a lot of time to figure out how you're going to pay employees."

After that, it's important to ensure open enrollment efforts weren't affected, Chilcoat noted. For any companies still in that process, it will be crucial to check that employee elections weren't lost and that those who have not yet completed the process have a way to do so. Leaves of absence and any certifications tracked through the vendor also must be addressed, she continued, recommending that HR acknowledge that there will be mistakes and plan to "treat employees with some grace," with regard to all of these issues. "That will help prevent claims of discrimination and retaliation from arising," she said.

Finally, HR may have to take steps to address the data breach. While ransomware can restrict system access, there are cases in which malicious actors gain access to data. Employers are governed by a patchwork of state laws in this area so, if affected, "I would be calling a lawyer who specializes in data breaches," Chilcoat said. Some laws require entities to report breaches to victims or authorities and there can be penalties for failing to do so in a timely manner, she continued. "Even if you're not legally required to, you engender goodwill" by providing notices, she said, even if you don't yet know what data, if any, was involved.

Lessons learned

Workplace experts have long extolled the benefits of business continuity planning, often focusing on weather events that close facilities or, these days, a pandemic that affects the availability of labor. But with cybersecurity events increasing in severity, according to a January report, such issues may need to be considered in scenario planning.

The good news is that HR pros may have support for such efforts, as cybersecurity risk has become a priority for many in the C-suite, according to Cybersecurity Dive reporting. The difficulty, however, lies in predicting the unpredictable, a partner at consulting firm Mercer recently wrote for HR Dive.

Among other things, Chilcoat predicted that employers will increasingly seek to negotiate into software contracts indemnification for cybersecurity attacks. That may be an uphill battle, she noted, but HR should at least work to understand who will own the data involved in such partnerships. It's key, for example, that HR be able to download information and maintain a local copy. "That's a best practice whether or not there's been a data outage," she said, as it's useful to have when switching vendors or during litigation.

It's a lesson learned today that Chilcoat predicted will reshape future HR functions: "I think we're going to see an increasing number of companies saying storing information in the cloud is all well and good but I want [backup in case] there's another software outage."