Tag Archive for: employees

Are companies paying enough attention to cybersecurity culture among employees?

/in


The advent of new technologies such as cloud computing, big data, artificial intelligence, and the Internet of Things have made today’s IT world a lot different than what it was a decade ago. As the technology has been evolving substantially, so have the cyber criminals, with attacks getting increasingly sophisticated. 

The pandemic’s role in pushing companies of all sizes and sectors toward adopting an always-online mode and cloud and other cyber technologies is accompanied by a whirlwind of scams and fraudulent activity hitting companies in 2020 and 2021 with cybercriminals targeting employees’ access to the organization’s systems. 

In this time of digital disruption and increased cyber threats, many companies are focusing their cybersecurity efforts on the technology component—to the detriment of the human factor. When data is compromised, often it’s tied to negligence or failure in the cybersecurity system within the company or from a third-party working with the company.

First line of defense: Employees 

It is imperative that companies focus on building and sustaining a culture of cybersecurity and cultivate it in the workplace for effective cyber risk management. This would entail moving beyond the typical strategy used in which most businesses simply allocate a certain portion of their IT budgets or revenue to security without considering their actual needs. The approach must include helping employees realize that the risk is real and that their actions can have an impact on increasing or reducing that risk. Companies’ cybersecurity blanket must also include third-parties and others on their IT architecture.

Effective cybersecurity necessitates a persistent effort that covers employee behavior, third-party risks, and numerous other potential vulnerabilities in addition to application security, penetration testing, and incident management.

Enterprises spend millions of dollars on hardware and software but may neglect the simple act of properly training their employees on security practices. Teaching employees to recognize threats, curb poor cyber behavior, and follow basic security habits can provide the best return on…

Source…

MercyOne employees share concerns about paychecks due to ransomware attack

/in


MercyOne said it is addressing payroll issues that stemmed from a cyberattack.A ransomware attack on MercyOne’s former parent company CommonSpirit has taken its payroll software offline. Last week, MercyOne announced that employees would be paid on Oct. 21, but because of the outage, they would be paid their full-time equivalent plus the same amount of overtime hours as their previous paycheck.Because of this, some employees say they are not being paid incentive or overtime hours from that pay period. They said they are concerned about whether they will be paid for these hours.KCCI spoke with a MercyOne nurse who asked to remain anonymous.She said she is concerned about finances as a new month approaches. “Mortgages and rents are due. The closer we get, you know, the smaller our accounts are getting. I think everyone is starting to get a little nervous about it,” the nurse said.The next payday is Nov. 4. MercyOne says all overtime or missed hours will be paid on that day. In a statement to KCCI, MercyOne wrote:”At this time, most hospital-based systems are back online, as well as the payroll platform. CommonSpirit Health has worked to make sure that payroll dates were met and is committed to paying employees for every hour worked.”The nurse KCCI spoke with said employees want and need to trust the company will pay them what is owed. “We do really want to give Mercy the benefit of the doubt and say that they just don’t have all of the information. At least our direct managers are not getting all of the information; because we know it’s not their fault. They’re just giving the information to us as they’re getting it,” the nurse said.

DES MOINES, Iowa —

MercyOne said it is addressing payroll issues that stemmed from a cyberattack.

A ransomware attack on MercyOne’s former parent company CommonSpirit has taken its payroll software offline.

Last week, MercyOne announced that employees would be paid on Oct. 21, but because of the outage, they would be paid their full-time equivalent plus the same amount of overtime hours as their previous paycheck.

Because of this, some employees say they are not being paid incentive or overtime hours from that pay…

Source…

Franciscan billing employees to recoup overpayment after Kronos ransomware attack targeting payroll

/in


A winter ransomware attack has caused Franciscan Health to require employees to pay back wage overpayments made when it lost access to the software of its payroll vendor, Kronos.

Some hourly workers, such as nurses and housekeepers, are being billed hundreds of dollars and told the money will be withheld from future paychecks if they do not repay it in coming months. The overpayments took place in December and January, with workers already having paid taxes on the income they received in 2021.

“When faced with the unexpected Kronos vendor outage, which was wholly outside of Franciscan’s control, Franciscan reacted quickly and worked hard to pay coworkers as accurately as possible, given the circumstances,” a Franciscan spokesperson said. “During this period, our best recourse was to pay most types of compensation based on hours worked and to ensure no interruption in coworker paychecks. Franciscan’s inability to access the Kronos system resulted in some coworkers receiving over- or under-payments.”

People are also reading…

Some hourly workers reported being asked to repay thousands of dollars, but the issue did not affect everyone at the Mishawaka-based health care system, which operates hospitals in Hammond, Munster, Dyer, Crown Point and Michigan City, as well as medical offices throughout the Region.

“Franciscan has worked to reconcile any discrepancies with the impacted coworkers and continues to do so,” the spokesperson said. “The employees who were underpaid have already been made whole. Overpayments averaged around $350, and those affected are being provided repayment options over the next several months to ease any burden.”

Ultimate Kronos Group provides payroll software to companies such as Franciscan Health, YMCA, GameStop and Whole Foods, letting employers manage time sheets, payroll, absence requests, scheduling and other workforce management tasks through a cloud platform. Its system was…

Source…

City warns employees about computer hack of public housing agency

/in


INDIANAPOLIS — Almost 24 hours after FOX59 News exclusively reported that the Indianapolis Housing Agency was the target of a ransomware attack, Indianapolis city employees have finally been told of the hack and advised to maintain email security vigilance.

IHA officials admit that as early as Monday of this past week their system was hacked by unknown actors in pursuit of potential personal information of 25,000 Marion County residents, vendors who do business with the agency and financial transactions between IHA and the Department of Housing and Urban Development.

A statement released by attorneys representing IHA Thursday night gave no indication of knowledge of the hacker’s identity or demands.

Today at 12:39 p.m., the City’s Information Services Agency issued the following statement to municipal employees:

Recently, the Indianapolis Housing Agency (IHA) became a victim of a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt organizations by locking down the organization’s computers and IT systems in exchange for the payment of a ransom. The data maintained by IHA, including personal information of residents and employees, as well as vendors, is potentially at risk.  

The IHA network is isolated from the City-County network, so there is no immediate threat to City-County or constituent data as a result of this incident.  

ISA has implemented several protocols to maintain, and improve, the safety of our computing environment. Earlier this year, ISA introduced security awareness training which is required annually for staff. As additional protection, we are installing an encryption tool on the hard drives of all City-County computers to protect network data from unauthorized access if the equipment is lost or stolen. Learn more about ISA security enhancements

SA encourages all staff to continue to report emails that you believe might be suspicious, either by using the Outlook PhishAlarm reporting tool or by calling the ISA Service Desk at 317-327-3075.

Professor Scott Shackelford of the Kelley School of Business at Indiana University said the costs of recovering stolen information or repairing a system after a…

Source…