WannaCrypt and payroll data security
WannaCrypt, the solution and our call to action
In light of the WannaCrypt/WannaCry attack we’d like to encourage businesses, and specifically payroll personnel and payroll management, to take a close look at their IT systems, policies and payroll procedures. The sensitive nature of payroll data and its significant importance to a business and its employees means that it is crucial that the correct structures are in place. If your business was infected by this attack your customer and employee data would not be accessible – what would this mean for your business and employees? Could your business continue to operate, could you invoice your customers, could you pay your employees? Now is the time for a comprehensive payroll data security review. So with that in mind let’s take a look at the recent cyberattack and the solution, we’ve also included additional resources that can help improve your payroll security.
What is WannaCrypt?
The WannaCrypt or WannaCry Ransomware Attack is the ongoing attack where Windows computers are being targeted and their data encrypted. If successful, the attackers then request a Bitcoin payment to decrypt the data.
The impact so far
It has been reported that the attack started on May 12th and has currently infected over 220,000 computers in more than 150 countries. While Ireland has been significantly impacted, the outcome hasn’t been as severe compared to some other countries. For example, while the HSE has been infected, patient care has not been affected, unlike in Britain where the impact reportedly led to the NHS turning patients away.
Contrary to some early reports, the “kill switch” discovered and utilised by @MalwareTech to stop the progress of the attack didn’t completely solve the problem. It prevented a significant number of additional computers being infected, but as @MalwareTech explained, it was a temporary block.
A solution, to the Windows vulnerability that was utilised by the attackers, was actually issued by Microsoft two months before the attack. In their article Microsoft states that:
In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
Microsoft then goes on to specify that:
Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March.
Paycheck Plus Payroll Data Security
In light of the cyberattack, previous articles that are of particular interest are:
Payroll data security is essential due to the sensitive nature of the data. Having the appropriate and up-to-date IT systems and policies in place is imperative to ensure data security and confidentiality while also ensuring continuity of the payroll function. This is a significant investment for businesses and one that many struggle to afford. With limited data security resources and limited/ineffective implementation of systems, businesses and their employees remain at risk. If this attack had infected your business’ systems then your customer and employee data would be encrypted – this would likely halt invoicing and payroll processing among many other business operations.
Here at Paycheck Plus we invest significant resources into our IT systems, our policies and our procedures to ensure that our client’s data is protected. This means that our client’s resources are freed up to focus more on profits and they can rest assured that their employees will get paid on time, every time.
To ensure payroll data security and for expert support contact Paycheck Plus now.
Paycheck Plus – Payroll Excellence