While it’s true that cybercriminals frequently target individuals’ personal information, that’s not their only goal. Sometimes, malicious actors will then take that personal information and use it to gain access to other secure points—potentially affecting other systems beyond the breached organization itself. For instance, a cybercriminal may steal an employee’s login and password, then use those details to access customer databases or even critical infrastructure.
A recent example of this came in 2021 when cybercriminals took down Kronos, the ubiquitous timekeeping software. With the cloud-based system down globally, employees couldn’t clock in or out—time punches were simply inaccessible. Obviously, this proved very disruptive for payroll and time tracking. Yet, the larger takeaway is that even if an employer does everything right, they can still be impacted if a vendor experiences a cybersecurity breach.
That’s why it’s important for HR teams to think about the vendors and systems they rely upon. These may include timekeeping software, case management software or learning management systems. Consider what would happen if any one of those tools stopped working or became inaccessible. How would that impact operations?
Considering these potential scenarios can help HR teams better strategize their responses. For instance, if timekeeping software were to break down, perhaps employees would be required to use an HR-provided paper form to track their time.
Additionally, with the vulnerability of cloud-based systems, HR teams can think about regularly backing up and archiving critical information, including customer details, time-tracking data or transaction receipts. Essentially, if a vendor system breaks down, HR still needs to ensure day-to-day operations can run smoothly.