How Reliable is Online Human Resource Management Platforms?
Ultimate Kronos Group is a human resources management system that is used by many companies to keep track of hours, paychecks, availability, and vacation times. This past week Kronos suffered a ransomware attack that caused the system to crash for most companies. It caused chaos among many workplaces. People worried about their personal information such as their name, income, where they work, and their banking information getting out. It presented the problem as to whether online platforms such as, Kronos, should be used for keeping track of hours and paychecks.
I work for Aerie, the women’s clothing company that is owned by American Eagle. Before starting my job at Aerie, I had to fill out online forms that were sent to the Kronos company to keep track of my availability and hours.
The leader on duty or LOD who makes the schedule can see the availability that each person put in and can make the schedule based off it. The system keeps track of the hours assigned and if a person signs in more than two minutes late, they get a red flag. This helps the company check who is arriving on time and who is leaving earlier during their assigned shift. The system also keeps track of the hours a person works and calculates the paycheck based on the total worked hours. Once approved by the manager it automatically sends the money to the person’s checking account on file.
This system is extremely useful to employers everywhere. It does everything that would normally take hours to do in seconds.
However, when the system crashed, chaos broke out in work places everywhere. Especially, the company I work for, Aerie. Aerie works under American Eagle, so all my paychecks come from them. I am still waiting for the paycheck from last week that usually goes through on Friday mornings, however, due to Kronos being down my paycheck will be late. For people who heavily rely on paychecks every week to put food on the table and a roof over their head this is a significant problem.
With the system down the schedule for the week also disappeared. Throwing my manager and her LODs into a furry of confusion and frustration as they tried to piece the schedule back together. They have had to resort to putting working hours down on paper and sending it into the companies billing department so the company can issue checks and billing statements to those who need to be paid.
Now one of the biggest questions revolving this breach in security, is what personal information will be leaked? And is it good for companies to continue to use online systems to handle this information? Especially, Kronos that has now proven it can be hacked.
The company has released a statement explaining that it appears that no personal information has been leaked. However, other sources have said that people need to be on alert for other potential security breaches. It has been recommended that employees of companies that were affected should change their passwords. Employers should also alert employees of the potential of the last four digits of their social security numbers getting out.
As someone who has only been using Kronos for a little less than a year and has traditionally at other jobs been paid via check and signed in and out via a piece of paper has felt that by using this online system, I am allowing online criminals to access my personal information. It has been proven that Kronos does not have the capabilities to protect its employees. It has also not been upfront over the potential of social security numbers being leaked out to the public.
Although, when working properly Kronos is a helpful tool, it may cost a lot less in damages and leaks of personal information if companies use the old-fashioned way. It would not hurt companies to hire extra people to issue out checks and keep tallies on those who are signing in early or late to the job. It may save some people from having their personal identity stolen.
There is another factor to the problem of online human recourse management companies such as Kronos. This factor is called Log4j. Log4j is used with Java in programming. Many companies use it. However, recently companies have had problems with data and security breaches due to the easy programming that is brought with Log4j. Kronos was one of the companies that uses Log4j. No one has said if Log4j has been the cause of the attack.
Minecraft a popular game that also used Log4j had a major security breach recently. Programming officials realized the vulnerability of leaking information was due to Log4j. Minecraft that is also programmed using Java, issued a “patch” to Log4j to prevent personal information leaks.
For the individual’s that will have to think for themselves in the future will have to consider the following questions. Do they really want to give their information to an online company that has already been hacked? Was Log4j the problem and should companies avoid using online platforms that is coded with Log4j? Could these companies be selling our data or using it for surveillance? And should companies return to the old-fashioned days, or rely heavily on the online presence of human resource management companies such as Kronos?
Read More About the Kronos Hack:
Kronos Ransomeware Attack Could Impact Employee Paychecks and Timesheets for Weeks
Christmas Bonuses Could be Delayed After HR and Payroll Giant Kronos Hit by Ransomware Attack
Comments
Post a Comment