How to Adapt When Essential Services Are Threatened by Cyber Attacks.

As has been much reported in the last week, UKG was the target of a ransomware attack first reported on Saturday, December 11, 2021. This attack has negatively affected the availability of data on the Kronos Private Cloud for UKG Clients using a specific set of products that are hosted in that environment. The scale of impact for this incident is unprecedented in the HCM space, and many Clients are left scrambling to figure out what they can do to ensure the continuity of essential business functions like payroll while this attack is resolved.

While every Client’s business environment and situation is unique, The WFC Group is recommending the following 6 strategies to help any Client currently trying to navigate this difficult time.

6 Tips for Adapting Your Processes to Mitigate the Impact of UKG’s Cyber-Attack.

Tip #1: Stay “In the Know”

UKG has created a specific webpage dedicated to updates around this incident. You can get the latest updates here. You can also subscribe for updates to make sure you proactively receive the latest information available. Additionally, if you are a customer on the Kronos Private Cloud, outage information should be sent to the contacts on your account from, so be sure that email address is included in your valid senders list.

Tip #2: Identify Your Specific Needs

At this point, it is vital to know exactly what data you have and what you don’t. For most impacted Clients, clock data for the period of the outage is missing. Depending on when you process payroll, you may have punch data from before the outage that is needed for the current pay cycle. Other Clients are also missing schedule and accrual (PTO) data while some do not have access to their payroll system at all, including tax withholding, direct-deposit, and demographic information like addresses for their employees. Every company uses these systems differently, so your solution will likely be slightly different from other impacted companies. This is why you need an accurate understanding of what exactly you have access to and what you do not.

Tip #3: Understand Your Options

Once you know what your critical data needs are, you can identify your options to move forward. For most Clients, the first step is gathering punch information. This can be manually collected via a handwritten timesheet or input into a spreadsheet. Quick and simple tools can be pulled from online or created internally to meet your needs. For example, we have a Client that created a very powerful time collection spreadsheet that includes the ability to document job and/or work rule transfers.

If you’re missing direct deposit information, you may still be able to cut live checks to employees using your AP / ERP system. Do you have employee address information for mailing live checks? Can you capture this through frontline supervisors if not?

If you are missing punch data and cannot re-create it in time for payroll, consider using your net check values from your last payroll run to at least get people paid something. You will have to reconcile and correct payments once you regain access to actual punch times, but this interim solution can help soften the impact to your employees until that happens.

Tip #4: Use Your Community

This is a great time to use your network to see what others are doing to solve their problems. We have already seen some incredibly inventive solutions that have been created out of necessity. The UKG Community can be a helpful tool for this. On the UKG Workforce Central product page, there is thread entitled “Business Continuity Plans” with a great deal of helpful information being disseminated by the Community. It currently has over 100 responses from impacted Clients sharing how they are creating solutions for their business.

Tip #5: Plan for Return to Normal

Inevitably, there will be a time when this event is behind us, and we can return to “normal”. To prepare for this, it is critical that every mitigating step taken is properly documented. Be sure to keep all the spreadsheets, timesheets, emails, and forms that you use to get through this system outage so that you can reconcile and correct afterwards. Payroll teams will be working diligently to identify what should have been paid versus what was paid and make those payroll adjustments after the fact. Tax adjustments are also likely since this event is, unfortunately, impacting businesses at year end.

In addition, keep track of what worked and what did not – were electronic tools more difficult to use than paper timesheets for your employee population or vice versa? Were certain teams within your organization able to pivot and adapt better than others? If so, why? Documenting these items will help you create or adapt an existing plan to better insulate your business for the future should a similar situation ever happen again.

Tip #6: Update Your Business Continuity Plan

Most businesses have some form of a Business Continuity Plan to ensure that they can keep essential operations in flight in the face of a critical system or personnel failure. Unfortunately, those plans can only account for the events that we can expect based on things that have happened before. When an unprecedented event like this happens, companies are forced to reevaluate their plans and accommodate a new set of potential interruptions. We recommend answering such questions as:   What are your backup solutions? What are the backups to the backups? Does it make sense to have different third-party providers for your primary and backup systems or processes? Can you run and store certain reports routinely to ensure you have access to necessary employee data in the future? What are small changes you can make now that will reap a hefty return if you face a critical outage again?

While everyone is working diligently to solve the problem at hand, make sure that your organization is considering how you will adapt afterwards to ensure that you can survive events like this in the future without such widespread, negative implications to your essential functions.

The WFC Group is Here to Help.

The WFC Group has been a proud UKG (formerly Kronos) partner for over a decade, and we have been working closely with our Clients on mitigating the impact of this cyber-attack. If you are interested in discussing your situation and options to move forward, please Contact Us today. From advising on Business Continuity Plans to supporting new software implementations, we are committed to listening to our Clients, adapting solutions to their needs, and delivering Client success throughout our engagement.

Back to Blog