PAYROLL

UKG Hack Disrupts Scheduling and Payroll for Thousands of Employers

UKG | December 16, 2021

Acquisition News
A ransomware attack on a major HR technology provider is creating chaos around attendance, scheduling and payroll for thousands of employers with no certain end to the problem in sight.

Ultimate Kronos Group (UKG) revealed that one of its cloud-based time and attendance systems—Kronos Private Cloud—was exploited by hackers and that the outage could last several weeks. That's especially distressing news due to the increased use of variable staffing and vacation scheduling around the holidays and the calculation of end-of-year payroll concerns such as bonuses.

Kronos Private Cloud includes the products UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions.

"It could not be worse timing, as many companies employing hourly workers are busier during the holiday season, and having to track more overtime, The attack not only comes during the crucial end of the year for scheduling and staffing but also right when UKG's annual customer conference was getting underway."

- Sam Grinter, senior principal analyst at advisory firm Gartner, based in London.

The attack, discovered Dec. 11, has affected 2,000 organizations that use the software, including enterprise companies, hospitals, government agencies, universities and emergency services like fire and police departments.

UKG said all products linked to the Kronos Private Cloud are unavailable, and it could take up to several weeks before service is restored. "We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities, The investigation remains ongoing, as we work to determine the nature and scope of the incident."

- UKG executive vice president Bob Hughes said in a statement.

There reportedly is no impact to the affected products if they were installed on-premises (not pulled in from servers in the cloud), nor other UKG products such as UKG Pro, UKG Ready and UKG Dimensions, which are housed in separate environments and not in the Kronos Private Cloud.

Grinter explained that ADP could be another vendor to watch, as it resells UKG Workforce Central as an ADP product. In addition, most major payroll providers have integrations with UKG (due to the 2020 merger with time and attendance pioneer Kronos).

UKG has been providing daily updates on the emergency, including informing clients that backup systems were unavailable due to the attack; the company had not discovered that the hackers stole any data; and that "In most instances, UKG timeclocks will record and store employee punches offline until connectivity can be restored… However, UKG strongly recommends customers consider manual time collection efforts to ensure accurate collection of employee time in the interim."

"Some employers may require workers to do that or ask them to write down their own hours, If not, it's always a good idea to still to go ahead and do that for yourself so that you know what you've worked and how many overtime hours, things of that nature, then that way you can compare it to what the employer has and make sure that you're paid appropriately."

- Amber Clayton, director of the Knowledge Center at the Society for Human Resource Management


He said another option is to just pay everyone the same as the previous pay cycle and try to figure out a way to straighten it out later. The problems with that approach include not being able to factor in those who worked more hours or fewer hours, not being able to pay new hires and sending out checks to people who have left the organization, Grinter said.

As for alleviating the situation by paying the ransom, UKG's actions so far indicate they are not going to take that route, but that could change, Grinter said.

Allan Liska, an intelligence analyst at Somerville, Mass.-based cybersecurity firm Recorded Future, said that even if the company decides to pay the ransom, it can take days to negotiate a settlement and put together the funds. And malware could be left behind for future ransom demands or other exploits. The only safe course is a complete rebuild of the server network, he said.

Protecting Employee Data

UKG has not determined whether the incident has impacted customer data. But the extent of employee information stored in Kronos Private Cloud—and therefore potentially exposed— varies by employer. The city of Cleveland for example, warned its workforce that names, addresses and the last four digits of Social Security numbers could be at risk.

"UKG has been notifying affected customers and those customers are obviously working with UKG to ascertain what data was included, and whether that data was exfiltrated prior to the deployment of the ransomware, Companies can proactively determine what may have been compromised by doing their own analyses, Companies will have to determine what data was compromised, what their legal obligations are and what their contractual agreements are with UKG for that process."

- Linn Freedman, a partner in the Providence, R.I., office of law firm Robinson & Cole.

Is Log4j the Culprit?

It is being theorized that the UKG ransomware attack may be related to the recently disclosed Log4j vulnerability. The bug, also known as Log4Shell, was discovered in a commonly used bit of Java software on Dec. 9. 

Officials at the U.S. Cybersecurity and Infrastructure Security Agency have since warned that state-sponsored hackers from China, Iran, North Korea have started testing and exploiting the vulnerability, which allows remote attackers to take over a device. The agency said that hundreds of millions of enterprise and consumer devices are at risk until the bug is patched.

Tech companies have been scrambling to address the threat, but organizations and consumers should immediately patch any applications or systems affected by it if possible, according to cybersecurity experts.

UKG maintains that there is no connection to log4j. "We are investigating whether or not there is any relationship between the security incident and the Log4j vulnerability," UKG said.

Preparing for Ransomware Attacks

Freedman said that the ransomware attacks we're seeing are just the beginning of a disturbing trend. "There has been an increase in the number of cyberattacks against companies that have access to many other companies' data," she said, citing the data breach at file-sharing firm Accellion in December 2020 and numerous attacks against managed IT service providers this year. "These criminals want to inflict as much pain as possible," she said.

She said that there's a long list of things companies can and should do to mitigate the effects of a ransomware attack but know that these events cannot be completely prevented because of zero-day exploits which hackers can take advantage of before they are even known by the affected technology providers.

Those action items include the development of contingent and backup plans, disaster recovery plans, remote desktop protocol monitoring, insider threat intelligence, multi-factor authentication on all applications and strong spam filters. "Even all of the most effective security measures, however, can never completely prevent a cyberattack," she said.

Spotlight

Keeping the Good Ones is a management and leadership training video that deals with positive employee-manager relationships and employee retention. This inspirational training will equip your managers with practical tools they can use to keep the good people they already have.


Other News
TALENT MANAGEMENT

BairesDev Giveback Program Provides Access to Tech Training and Resources to More Than 1,500 Talented People

BairesDev | August 09, 2022

BairesDev, a leading technology solutions company, announced the conclusion of the latest edition of its Giveback Program, focused on promoting diversity and inclusion in the technology industry by investing in the tech talent of tomorrow. In this opportunity, BairesDev partnered with its clients to make 224 donations to 29 different NPOs, 60% more compared to the previous edition. Twice a year, the company selects a list of NPOs that share its vision of building a more inclusive tech industry and teams up with clients to allow them to choose causes for BairesDev to donate funds. In this edition, BairesDev donated funds to Womxn in Power, EveryoneOn, NPower, Close the Gap, and LaunchCode, among other NPOs, which focus on closing the digital breach faced by many talented people around the world. Beneficiaries highlighted the relevance of these programs in supporting underrepresented communities and addressing unequal access to opportunities in the tech industry. With BairesDev donations, more than 1,500 talented people from diverse backgrounds will have access to industry certifications, computers, digital training, among others. "We at BairesDev know firsthand the importance of a diverse and inclusive tech industry and are committed to providing equal opportunities for talented people, wherever they may be, It's inspiring to partner with so many of our clients who are committed to helping close the digital gap facing underrepresented communities." -Nacho De Marco, CEO and co-founder of BairesDev BairesDev donations have provided enough to underwrite industry certification testing for all of the women in the next Silicon Valley training cohort. This will give roughly 40 women the industry-recognized certification essential to landing their first job in tech, Said NPower Inc. Thanks to BairesDev, Close the Gap can fully equip a computer lab in Africa with 30 computers and offer training to local personnel of a school that is in need of ICT devices. The hardware will be installed in a dedicated computer room where on average 20 individual students will make use of each computer. Thanks to your contributions, 600 students who would otherwise be excluded from digital education will now gain digital literacy, said Close the Gap. The BairesDev Giveback Program, formerly called B-Grants, recently won a Stevie® Award for Corporate Responsibility Program of the Year. Through the program, the organization shows its commitment to helping create opportunities for the tech talent of tomorrow. The next edition of the program will be launched before the end of 2022. About BairesDev BairesDev is a leading nearshore technology solutions company that architects and engineers scalable and high-performing software solutions to meet all kinds of business challenges. Using its deep tech expertise and cross-industry experience, BairesDev evolves digital transformation into digital acceleration. The ultimate goal is to create lasting value throughout the entire digital transformation journey. With 5,000+ seasoned engineers in 36 countries, BairesDev provides time zone aligned services to empower Fortune 500 companies and leading brands. Working for clients like Google, Rolls-Royce, Johnson & Johnson, Pinterest, and ViacomCBS, the company has been reimagining the tech landscape for over a decade.

Read More

TALENT MANAGEMENT

Leading EOR and HXM Platform Strengthens C-Suite with Strategic Leadership Hires

Atlas | June 14, 2022

Atlas, a global Human Experience Management (HXM) technology company that simplifies global expansion with unified software and solutions, including Employer of Record (EOR), expands its executive leadership team with the addition of two strategic hires: Ruairi Kelleher as general manager (GM) of Europe, and Michelle Mesina as chief people officer (CPO). As GM of Europe, Ruairi Kelleher will lead Atlas' business operations and oversee expanded development within the region. As CPO, Michelle Mesina will direct Atlas' internal people strategy to deepen global impact while cultivating rewarding employee experiences for an increasingly diverse workforce. "Strengthening our foundational leadership team is essential as Atlas continues to evolve our best-in-class HXM technology solution to meet the demands of our customers and launch us into our next phase of growth, The addition of Ruairi reflects our commitment to meeting the increased demand for global expansion solutions in the untapped market of Europe. Additionally, Michelle's extensive experience in organizational design, cultural alignment and employee wellbeing, will further enhance Atlas' reputation as a purpose-driven employer." -Rick Hammell, CEO of Atlas. Kelleher brings more than 15 years of experience building and scaling innovative companies via operations, technology, strategy, revenue and M&A activity. Prior to joining Atlas, he served as CEO at global payroll technology company Immedis where he oversaw its 2016 launch and repositioning. Under his stewardship, Immedis emerged as a leader in the payroll space with more than 400 employees and year-over-year growth of more than 100%. As chief executive officer, Kelleher spearheaded the successful Series A and B funding rounds at Immedis and led the commercial practice for expat tax mobility within the Group. Additional previous experience includes consulting for international firms, where he focused on delivering business growth through corporate relationship solutions. Michelle Mesina, SPHR, comes to Atlas with over 20 years of experience from start-up, high- growth and transformative environments, helping organizations to scale quickly. She joins Atlas' C-suite following a series of high-profile positions leading HR and people ops for such dynamic companies as Gensler, PowerReviews, project44 and Hazel Technologies. At Hazel Technologies, she had overall responsibility for thought leadership strategies and solutions to attract, engage and retain the best talent. The largest direct employer of record (EOR), Atlas brings experience and localized expertise into an enterprise-grade technology platform that empowers innovative companies to onboard, manage and pay global talent. The HXM platform delivers end-to-end EOR solutions with self-service capabilities, real-time insights that optimize business outcomes and human touchpoints along the way. The expansion of the leadership team furthers Atlas' position as the leader in simplifying global people operations in the thriving work-from-anywhere world. About Atlas Atlas enables innovative companies to compete in a global economy, believing that businesses should employ whomever they want, wherever the talent exists. As the largest direct employer of record (EOR) with entities in over 160 countries, Atlas is a technology platform that is supported by experts and delivers flexibility for companies to expand across borders, onboard talent, manage compliance, and pay their global workforce without the need for a local entity. Atlas was built on years of experience navigating the challenges of quickly deploying and paying international employees while ensuring compliance with local regulations. This experience brings localized experience and expertise into an enterprise-grade technology platform that supports thousands of companies and remote teams. The Atlas platform is uniquely designed to deliver end-to-end EOR solutions and empowered user experiences that provide self-service capabilities and real-time insights that lead to improved business outcomes.

Read More

TALENT ACQUISITION

Alorica Hires Industry HR Leader Asma Sultana as Vice President of Corporate Talent Acquisition

Alorica | July 08, 2022

Alorica Inc., a trusted global leader in next-generation customer experience (CX) solutions, today announced it has hired highly-experienced recruiting and human resources (HR) executive Asma Sultana as the company’s Vice President of Corporate Talent Acquisition. In this newly-created role, Sultana is responsible for developing and implementing Alorica’s global strategy of hiring world-class associates for corporate business functions including its Digital Business Center (DBC) based in Bengaluru, India. The DBC is Alorica’s innovation lab dedicated to designing and deploying the CX provider’s newest digital products and service capabilities. Additionally, Bengaluru and Mohali are growing markets where Alorica continues to expand its operations with more than 2,460 local employees. Sultana, who also lives in Bengaluru, reports directly to Colleen Beers, Chief Administrative Officer. Sultana brings a diverse recruiting perspective and a track record of success in transforming global recruiting teams for multinational corporations. With more than 20 years of HR management experience including a specialized focus on building people-focused, performance-based programs, Sultana has a deep understanding of today’s global workforces and the corporate values that resonate with employees. She most recently served as Senior Vice President for Leadership Hiring at Accenture Operations. Prior to this role, she played several key roles as HR Business Partner, Talent Strategist and Industry Group HR lead for Accenture’s Technology Division, supporting India and other regions including North America, LATAM, EMEA and APAC. In addition, she has held HR positions at HP and LG. Sultana is a law graduate from Bangalore University Law College and has earned a Postgraduate Degree in Human Resources from XLRI Jamshedpur. “As Alorica continues to grow and the extensive digital CX needs of our clients evolve, the timing was right to add a senior talent acquisition executive to our Employee Experience management team to oversee this critically-important human element of our business,” said Beers. “Alorica is committed to finding and retaining high-caliber professionals all around the world, so Asma’s proven leadership and culturally diverse experience will play a major role in our ability to draw in technically-skilled candidates around the globe who embrace Alorica’s mission. And that’s how we’ll continue to maintain our award-winning work environment, while exceeding client expectations.” “Today’s employee experience strategies, especially those for global CX specialists such as Alorica, require an extraordinary amount of insight, adaptability and finesse to effectively design and implement in this competitive market,” said Sultana. “Today’s employee experience strategies, especially those for global CX specialists such as Alorica, require an extraordinary amount of insight, adaptability and finesse to effectively design and implement in this competitive market,” said Sultana. “No company can be successful without investing in hiring and keeping the right people, and Alorica has thrived in this area through its people-first approach. I personally feel energized by, and connected to, Alorica’s vision of making lives better, and I look forward to leveraging my expertise to expand and enhance the company’s talent acquisition initiatives.” Named a Leader in the 2022 Gartner Magic Quadrant for Customer Service BPO, Alorica has significant experience formulating and managing CX programs around the world. As Alorica grows its global footprint, Sultana will set the vision, strategy, and leadership for Alorica’s talent acquisition team dedicated to attracting and hiring the best employees for the company’s corporate and shared services functions. This includes developing and executing Alorica’s employer branding strategy to support key business functions, including IT, workforce planning, quality control, finance, training, and employee experience. Sultana will work closely with Alorica’s executive leadership team to create customized recruitment strategies and help orchestrate the entire hiring process from beginning to end. About Alorica Alorica creates insanely great digital customer experiences at scale. Our team of 100,000 solutionists, technologists and operators partner with global brands and disruptive innovators to deliver digitally-charged, tailored interactions customers crave. With a track record of creating long-term loyalty, Alorica brings actionable insights, proven processes and CX leadership to transform clients’ business needs, whether they’re focused on digital optimization, customer engagement or market expansion. Through strategic partnerships with best-in-breed technology, we design, integrate and optimize digital solutions personalized to reach clients’ most desired outcomes now and for the future. Alorica drives CX innovation for the best clients around the globe from its award-winning operations in 16 countries worldwide. To learn more, visit www.alorica.com.

Read More

HR STRATEGY

Mobile-first Communications Solutions to Empower Diverse Hybrid Workforces

Frost & Sullivan | June 09, 2022

Organizations have shifted to hybrid work models and adopted new mobile communications strategies due to the COVID-19 pandemic. Frost & Sullivan's recent analysis, Evaluating Mobile Communications Solutions for the Hybrid Workforce, finds that companies' increasing adoption of mobile-first communications allows them to address work from anywhere at any time. This helps them achieve crucial goals, such as empowering diverse workforces and retaining employees. Additionally, technology advancements, including 5G connectivity and improving device capabilities, enable better user mobile experiences and increase decision-makers' comfort in adopting mobile solutions. "Organizations are expected to adopt mobile-forward strategies whereby future communications investments will be aligned with permanently shifted work styles and a strong appreciation for the benefits of mobility, Among other approaches to workforce mobile enablement, all-inclusive UCaaS seat licenses that provide mobile access to calling and UC features will drive further fixed-mobile convergence (FMC) adoption." -Elka Popova, Connected Work Vice President at Frost & Sullivan. To capitalize on growth opportunities in the expanding mobile communications solutions market, providers can leverage the following growth strategies: Address users' shifting requirements with tailored bundles that include services and devices that support new use cases. Mobile and desktop apps and mobile UCaaS solutions provide a strong fit for remote workers. Integrate communications and collaboration solutions with Microsoft Teams. The Operator Connect Mobile program creates considerable growth opportunities for mobile operators among Teams users. Leverage existing assets or acquire mobile virtual network operator (MVNO) resources to capitalize on the growing demand for mobile business communications services. Evaluating Mobile Communications Solutions for the Hybrid Workforce is the latest addition to Frost & Sullivan's ICT research and analyses available through the Frost & Sullivan Leadership Council, which helps organizations identify a continuous flow of growth opportunities to succeed in an unpredictable future. About Frost & Sullivan For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models, and companies to action, resulting in a continuous flow of growth opportunities to drive future success. Contact us: Start the discussion

Read More

Spotlight

Keeping the Good Ones is a management and leadership training video that deals with positive employee-manager relationships and employee retention. This inspirational training will equip your managers with practical tools they can use to keep the good people they already have.

Resources