What the CrowdStrike outage taught payroll professionals

On July 19, a software glitch live for only 78 minutes led to global turmoil. The incident, eventually traced back to an early-morning software update by cybersecurity firm CrowdStrike, led to outages for some 8.5 million Microsoft Windows systems running the company’s Falcon threat detection and prevention platform, Cybersecurity Dive reported.

Organizations worldwide were affected. Airports effectively came to halt, while a number of major banks faced disruptions ranging from employees being unable to access their work stations to consumers being locked out of digital accounts. By extension, the outage also disrupted payroll operations for some employers.

Tsvetta Kaleynska, founder and CEO of RILA Global Consulting, said that moving money across bank accounts became “impossible” during the day of the outage, leaving her temporarily unable to pay employees of her small business. The glitch also affected software vendor Docusign, which RILA uses to complete contracts; RILA lost out on a “huge, huge contract” with a client that could not be signed due to the outage, Kaleynska said.

RILA eventually got employees paid on the morning of July 20, she continued, but the outage served as a reminder of the tangible effects that result when things go wrong in a business world heavily dependent on software.

“It highlighted the huge dependence on systems and software for operations and revenues for small business leaders like myself,” Kaleynska said of the CrowdStrike incident. “It felt like a huge blow to small businesses.”

A case for business continuity planning

In some ways, it may take time for businesses to assess the full damage of the CrowdStrike incident, said U.K.-based payroll consultant Ian Giles. Organizational pay cycles vary widely depending on factors such as geography and pay frequency, and Giles said Friday is a popular day for businesses to make payments to workers.

Add in the fact that more and more employers choose to schedule payroll transactions days in advance, leaving the process to occur more or less automatically on payday, and “there’s every eventuality that people did not get paid” on the day of the outage, which fell on a Friday, Giles added.

Organizations including the Global Payroll Association and PayrollOrg — the latter of which formed last year as a merger of the American Payroll Association and the Global Payroll Management Institute — have raised this exact possibility. Even organizations who don’t use CrowdStrike may have been affected if their vendors do, said Curtis Tatum, in-house counsel and senior director of federal payroll compliance at PayrollOrg.

Keep up with the story. Subscribe to the HR Dive free daily newsletterEmail:Sign up

Unlike previous cyber incidents affecting payroll, such as the late 2021 Kronos outage, the CrowdStrike outage does not appear to be the result of a targeted cyberattack — a potential silver lining, Tatum said. Major U.S. payroll service providers have not reported any service disruptions publicly, he added, but the situation is still fluid. Giles likewise said that the situation “seems to be very quiet” as far as payroll providers are concerned, but he also said that this could change within the coming weeks and months.

However, one takeaway is that employers should have stress-tested business continuity plans for cyber incidents that include every single person who is involved in the payroll process, Giles said.

“Don’t just make sure you have a plan in place,” he continued. “Make sure it is regularly tested.”

In some cases, payroll vendors themselves may have their own versions of such plans, and employers can incorporate those directly into their continuity planning. “If what they have is already written, get it,” Giles said. “Make it a chapter of yours.”

Tatum said he also recommended that employers work collaboratively with vendors to ensure preparation for similar incidents and to build relationships with vendors that allow for such information exchange if they have not already done so.

Employers also might want to consider having a physical backup of their payroll, he noted, a strategy that helped some employers during the Kronos outage. While this approach can be expensive, “it’s good to have” in the event that employers are unable to access an electronic backup altogether, Tatum said.

Leave a Reply

Your email address will not be published. Required fields are marked *