Ultimate Kronos Group, a human resources management business, announced that it has suffered a ransomware attack that has hindered its clients’ ability to process payroll, manage time sheets, and operate their businesses. Scheduling software created for healthcare organizations, financial institutions, and public safety professionals were among the products hacked.

Employers that utilize Kronos may be unable to use the system to clock in and out of work – at least for the next few weeks.  These employers are left scrambling to find other record retention and payment methods, including issuing physical checks for the first time in years.

Employers should be aware that even if their timekeeping or payroll services become unavailable, the employer will still be required to maintain compliance with Connecticut and federal laws, including those regarding record keeping and timely wage payment.

To minimize cyber risks, consider incorporating these practical measures in your organization’s operations:

  • Enable 2-factor authentication for all remote network logins
  • Staff awareness and training with anti-phishing campaigns
  • Develop and test Incident Response & Disaster Recovery Plans
  • Vet the security provisions of vendor/cloud service provider contracts
  • Get cybersecurity coverage

Employers in every industry can be targets of cyber-crime. Reach out to Sherwin Yoder for counsel on ransomware prevention, response, and recovery. Carmody’s Labor & Employment team is available to discuss any questions regarding record keeping compliance, or other questions employers may have.

This information is for educational purposes only to provide general information and a general understanding of the law. It does not constitute legal advice and does not establish any attorney-client relationship.