UKG | December 16, 2021
A ransomware attack on a major HR technology provider is creating chaos around attendance, scheduling and payroll for thousands of employers with no certain end to the problem in sight.
Ultimate Kronos Group (UKG) revealed that one of its cloud-based time and attendance systems—Kronos Private Cloud—was exploited by hackers and that the outage could last several weeks. That's especially distressing news due to the increased use of variable staffing and vacation scheduling around the holidays and the calculation of end-of-year payroll concerns such as bonuses.
Kronos Private Cloud includes the products UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions.
"It could not be worse timing, as many companies employing hourly workers are busier during the holiday season, and having to track more overtime. The attack not only comes during the crucial end of the year for scheduling and staffing but also right when UKG's annual customer conference was getting underway."
-Sam Grinter, senior principal analyst at advisory firm Gartner, based in London.
The attack, discovered Dec. 11, has affected 2,000 organizations that use the software, including enterprise companies, hospitals, government agencies, universities and emergency services like fire and police departments.
UKG said all products linked to the Kronos Private Cloud are unavailable, and it could take up to several weeks before service is restored. "We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident."
-UKG executive vice president Bob Hughes said in a statement.
There reportedly is no impact to the affected products if they were installed on-premises (not pulled in from servers in the cloud), nor to other UKG products such as UKG Pro, UKG Ready and UKG Dimensions, which are housed in separate environments and not in the Kronos Private Cloud.
Grinter explained that ADP could be another vendor to watch, as it resells UKG Workforce Central as an ADP product. In addition, most major payroll providers have integrations with UKG (due to the 2020 merger with time and attendance pioneer Kronos).
UKG has been providing daily updates on the emergency, including informing clients that backup systems were unavailable due to the attack, that the company had not discovered that the hackers stole any data, and that "In most instances, UKG timeclocks will record and store employee punches offline until connectivity can be restored… However, UKG strongly recommends customers consider manual time collection efforts to ensure accurate collection of employee time in the interim."
"Some employers may require workers to do that or ask them to write down their own hours. If not, it's always a good idea to still go ahead and do that for yourself so that you know what you've worked and how many overtime hours, things of that nature, then that way you can compare it to what the employer has and make sure that you're paid appropriately."
-Amber Clayton, director of the Knowledge Center at the Society for Human Resource Management
He said another option is to just pay everyone the same as the previous pay cycle and try to figure out a way to straighten it out later. The problems with that approach include not being able to factor in those who worked more hours or fewer hours, not being able to pay new hires and sending out checks to people who have left the organization, Grinter said.
As for alleviating the situation by paying the ransom, UKG's actions so far indicate they are not going to take that route, but that could change, Grinter said.
Allan Liska, an intelligence analyst at Somerville, Mass.-based cybersecurity firm Recorded Future, said that even if the company decides to pay the ransom, it can take days to negotiate a settlement and put together the funds. And malware could be left behind for future ransom demands or other exploits. The only safe course is a complete rebuild of the server network, he said.
Protecting Employee Data
UKG has not determined whether the incident has impacted customer data. But the extent of employee information stored in Kronos Private Cloud—and therefore potentially exposed—varies by employer. The city of Cleveland, for example, warned its workforce that names, addresses and the last four digits of Social Security numbers could be at risk.
"UKG has been notifying affected customers and those customers are obviously working with UKG to ascertain what data was included, and whether that data was exfiltrated prior to the deployment of the ransomware. Companies can proactively determine what may have been compromised by doing their own analyses. Companies will have to determine what data was compromised, what their legal obligations are and what their contractual agreements are with UKG for that process."
-Linn Freedman, a partner in the Providence, R.I., office of law firm Robinson & Cole.
Is Log4j the Culprit?
It is being theorized that the UKG ransomware attack may be related to the recently disclosed Log4j vulnerability. The bug, also known as Log4Shell, was discovered in a commonly used bit of Java software on Dec. 9.
Officials at the U.S. Cybersecurity and Infrastructure Security Agency have since warned that state-sponsored hackers from China, Iran and North Korea have started testing and exploiting the vulnerability, which allows remote attackers to take over a device. The agency said that hundreds of millions of enterprise and consumer devices are at risk until the bug is patched.
Tech companies have been scrambling to address the threat, but organizations and consumers should immediately patch any applications or systems affected by it if possible, according to cybersecurity experts.
UKG maintains that there is no connection to Log4j. "We are investigating whether or not there is any relationship between the security incident and the Log4j vulnerability," UKG said.
Preparing for Ransomware Attacks
Freedman said that the ransomware attacks we're seeing are just the beginning of a disturbing trend. "There has been an increase in the number of cyberattacks against companies that have access to many other companies' data," she said, citing the data breach at file-sharing firm Accellion in December 2020 and numerous attacks against managed IT service providers this year. "These criminals want to inflict as much pain as possible," she said.
She said that there's a long list of things companies can and should do to mitigate the effects of a ransomware attack, but that these events cannot be completely prevented because of zero-day exploits, which hackers can take advantage of before the affected technology providers even know about them.
Those action items include the development of contingent and backup plans, disaster recovery plans, remote desktop protocol monitoring, insider threat intelligence, multi-factor authentication on all applications and strong spam filters. "Even all of the most effective security measures, however, can never completely prevent a cyberattack," she said.
Workhuman | April 25, 2022
Workhuman®, pioneers of the human workplace, announced key milestones on its global sustainability journey. Workhuman is on a mission to make work more human around the world, and a large part of that is ensuring that the company is making progress toward a more positive impact on the environment. To commemorate Earth Day, the company is sharing more details about its sustainability programs, commitment, and achievements.
As an important step in its sustainability journey, Workhuman has achieved carbon neutrality for its global 2021 Scope 1 and 2 emissions, in addition to a portion of its Scope 3 emissions, through verified carbon removal offsets and renewable energy certificates (RECs). The joint procurement was conducted alongside six other global software companies, arranged by Sustainability Roundtable, Inc., a strategic advisory and support service for ESG program assistance, of which Workhuman is a member.
“The movement towards a human-centered workplace led by Workhuman is a source of hope. A more sustainable business is one that grows beyond extracting value to create value. This begins with recognizing and promoting our inalienable human and ecological dignity. For this reason, Sustainability Roundtable, Inc. considers it a privilege to assist Workhuman.”
-Jim Boyle, CEO & Founder of Sustainability Roundtable, Inc.
Workhuman offset all its 2021 Scope 1 emissions in addition to Scope 3 business travel and estimates of employees’ electricity emissions while working from home. Workhuman worked with Natural Capital Partners, the world’s leading experts on carbon neutrality and climate finance, to procure these offsets from the Mississippi Valley Reforestation project, which is certified by American Carbon Registry and aims to reforest one million acres of the Lower Mississippi Alluvial Valley. Unlike other carbon offsets that avoid the release of additional carbon dioxide into the atmosphere, this project will remove existing carbon dioxide from the atmosphere. As Workhuman explores the possibility of adopting a Science-Based Target, the procured offsets align with the Science-Based Targets initiative’s new guidance for supporting carbon removal projects.
“Workhuman’s mission to make more human workplaces starts with our own, and a key ingredient in that is ensuring we’re doing all we can to protect our environment,” said “Making the workplace more sustainable requires that a company’s environmental practices, places, and people are building for the future - a healthier planet for all living creatures. We know there’s much more work to be done. But we are fully committed to this journey and are energized to be working with so many like-minded companies. Reducing climate risk takes everyone.”
Workhuman has several other internal and external efforts as part of its multi-year sustainability strategy and journey, including:
Completing a Materiality Analysis in 2021 to identify key areas to focus on within ESG (environmental, social, and governance). As part of the analysis, Workhuman partnered with Sustainability Roundtable to conduct briefings and confidential surveys with 40 key stakeholders and executives across key business divisions and departments. The resulting independent analysis will be used to guide current and future ESG investment and priorities.
Creating a new ERG group – called LiveGreen – focused on advancing and modeling more sustainable practices in Workhuman offices and in the communities around them. For Earth Day 2022, the group is sponsoring clean-ups in Ireland (in Dollymount Strand, Sandmount Strand, and the ParkWest Canal) and in East Boston (through Friends of Boston Harborwalk) and also hosting Catherine Cleary, journalist and environmentalist, to speak to the company about the Circular Economy.
Achieving the Ecovadis Silver award. EcoVadis is the world’s largest provider of business sustainability assessments. Its methodology weights criteria for ESG performance across four areas: ethics, environment, sustainable procurement, and labor/human rights. Workhuman’s silver-medal designation places it in the top 25 percent of companies rated.
Working with environmentally conscious partners to magnify impact. Through GRS and their Evergrow global climate change challenge, Workhuman has helped fund tree planting around the world. During 2021 and 2022 to date, Workhuman transactions have resulted in The Eden Reforestation Project planting nearly one million new native trees and mangroves in Madagascar, Mozambique, Nepal, Kenya, Haiti, and Indonesia.
Donating to non-profits and charities that are making a difference in the world’s fight against climate change. Over the past two Earth Days, Workhuman will have donated $10,000 to the World Wildlife Fund (WWF) with a focus on Climate and Oceans. As the world’s leading conservation organization, WWF works in nearly 100 countries. At every level, they collaborate with people around the world to develop and deliver innovative solutions that protect communities, wildlife, and the places in which they live.
Recycling laptops and other electronics to non-profits near our offices. These efforts will lessen the impact on the environment while improving the lives of countless others. Groups we have donated electronics to include Science Club for Girls, Future Chefs, Foróige, Camara Education, Catie’s Closet, and Innercity Weightlifting.
Building a new symbiotic working model and future sustainable office. As the world starts to return to the office in greater numbers, Workhuman is meeting the needs of its people through increased flexibility to work from home. This results in less commuting, thereby reducing the company’s overall environmental impact. Workhuman is also revamping physical offices in Dublin and Framingham to create even more human workplaces and spaces. The reinvigorated offices will include in-office composting bins, revamped recycling, enhanced fitness and wellness areas, and several biophilic elements in support of human health and mental and physical well-being.
Workhuman® is pioneering the human workplace through award-winning Social Recognition® and Continuous Performance Development solutions. Workhuman inspires more than six million humans across 180 countries to perform the best work of their lives. For the past 22 years, human resources and business leaders alike have used Workhuman Cloud® to gain the proactive insights necessary to transform and lead a more connected, human-centered workplace that accelerates engagement and productivity.
RECRUITMENT & RETENTION
EY | February 07, 2022
The United Service Organizations (USO) and Ernst & Young LLP (EY) are joining forces to support professional development within the military community. During a three-year strategic relationship, the USO and EY will create career and mentorship opportunities for service members and their spouses.
"The USO and EY share a commitment to helping others become the best versions of themselves. This relationship will allow thousands of our brave troops and their spouses to plan rewarding professional lives that leverage their unique skillsets. EY representatives already sit on six USO advisory boards throughout the United States, and we are looking forward to even more cross-organization engagement in the future."
-USO CEO and President J.D. Crouch II.
A $1.5M donation and pro bono services from EY will support numerous USO initiatives between Jan. 2022 and Dec. 2024. These include the USO Pathfinder® Transition Program, which connects the military community to employment, education, financial readiness, and mentorship opportunities. It is a crucial resource for the 200,000-plus service members and 650,000-plus military spouses who experience a major life transition each year.
The strategic relationship will also strengthen EY's hiring initiatives while raising awareness of the USO's important role in military career development. EY employees will have a chance to meaningfully engage with service members through mentorship, board positions, and storytelling. Each interaction will help bridge the military-civilian divide and give more than thanks to those in uniform.
About the USO:
The USO strengthens America's military service members by keeping them connected to family, home, and country, throughout their service to the nation. At hundreds of locations worldwide, we are united in our commitment to connect our service members and their families through countless acts of caring, comfort, and support. The USO is a private nonprofit organization, not a government agency. Our programs, services and entertainment tours are made possible by the American people, the support of our corporate partners, and the dedication of our volunteers and staff. To join us in this important mission and learn more about the USO, please visit USO.org or follow us on Facebook, Twitter, and Instagram.
EY exists to build a better working world, helping create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
RECRUITMENT & RETENTION
TeleTech | January 19, 2022
TTEC Holdings (NASDAQ: TTEC), one of the largest global customer experience (CX) technology and services innovators for end-to-end digital CX solutions, announced that TeleTech has been selected as the Recruitment Team of the Year for the APAC Region by the HRO Today Association.
The HRO Today Association Awards is an annual program that highlights the essential work HR professionals do every day, recognizing leadership, collaboration, innovation, hard work, and commitment to people and process improvement. This award recognizes the Recruitment Team that demonstrated significant success and/or growth in the sourcing, candidate experience, employer branding, candidate selection, interviewing, offer process, and onboarding processes for its company.
"Our commitment to deliver humanity to business requires hiring top talent. Our recruitment team reaches for amazing every day, providing a world-class candidate experience from talent attraction to welcoming new hires during the onboarding process. We're honored that HRO Today Association selected our talent acquisition team for this award."
-David Bernal, executive director, TeleTech.
"The overall quality of the nominations received this year was exceptional. The inspirational and innovative stories told by the award submissions highlighted how committed the nominees are to creating positive change within HR."
-Renée Preston, Global Executive Director of the HRO Today Association.
TTEC Holdings, Inc. (NASDAQ: TTEC) is one of the largest global CX (customer experience) technology and services innovators for end-to-end, digital CX solutions. The Company delivers leading CX technology and operational CX orchestration at scale through its proprietary cloud-based CXaaS (Customer Experience as a Service) platform. Serving iconic and disruptive brands, TTEC's outcome-based solutions span the entire enterprise, touch every virtual interaction channel, and improve each step of the customer journey. Leveraging next-gen digital and cognitive technology, the Company's Digital business designs, builds, and operates omnichannel contact center technology, conversational messaging, CRM, automation (AI / ML and RPA), and analytics solutions. The Company's Engage business delivers digital customer engagement, customer acquisition & growth, content moderation, fraud prevention, and data annotation solutions. Founded in 1982, the Company's singular obsession with CX excellence has earned it leading client NPS scores across the globe. The Company's nearly 62,300 employees operate on six continents and bring technology and humanity together to deliver happy customers and differentiated business results.