Payroll Redundancy: Key Ingredient in Business Continuity Plan
One of the first questions a potential employee asks when interviewing for a job with a dairy processor is: How much will I make?
Imagine if your response was, “We’ll pay you X amount. That is, until our payroll and time keeping provider gets hit by ransomware. Then, for several weeks we’ll struggle to figure out how to track your time, issue your paycheck, and account for overtime.”
Imagine how quickly that candidate would be heading for the exit.
Ransomware attacks and the effects on payroll
This scenario may seem far-fetched, but this very scenario played out at companies across the U.S. after a well-publicized December 11, 2021 ransomware attack of a human resource and payroll management provider, resulting in major problems for many businesses and governments, including not being able to process employee paychecks for many months. A few weeks ago, employees at Tesla and PepsiCo filed class action lawsuits against the platform.
Operations impacted by the ransomware attack on their vendor’s system were forced to revert to paper and pencil to track their employees’ time. And, in some cases, paper checks were issued when direct deposit details were frozen. Many of the companies impacted had to resort to these emergency measures for several months.
Using a third party provider (like the platform mentioned above) does not diminish any employer’s responsibility for making payroll under the Fair Labor Standards Act. Therefore, potential insurance policies that could be triggered by such an event could include cybersecurity-dependent business interruption and employment related practices liability among others.
A typical business continuity plan accounts for emergencies such as fires, tornados, or product recalls. But, it’s fair to say that while some of these risks can be transferred contractually to insurance or third parties, it is a best practice to try to avoid risks via your continuity plan.
Is payroll redundancy included in the corporate business continuity planning process? If it hasn’t been included before, time to include this key ingredient.
Accounting for payroll redundancy in your business continuity plan
A well-developed business continuity plan considers the “what ifs” that could disrupt or completely up-end a business’s ability to function. The overall objectives of a business recovery plan are to protect an organization’s resources and employees, to safeguard the organization’s vital records, and to ensure the ability of the business to function effectively in the event of a severe disruption to normal operation procedures.
A business continuity plan provides a framework for returning the operations to a normal state. Through the planning process, dairy processors identify and manage hazards associated with disasters; mitigating the effects of such an event should they occur. While, commonly, plans would include mitigating the impact from fires, or floods, or product recall – in light of the severe impact that can be caused by a critical vendor being hit by ransomware, it’s advised that dairy processors also consider vendor redundancy options within their business continuity plans.
According to Chris Halverson, M3’s director of rapid response and recovery, the following are the basic steps to creating a business continuity plan.
The development of a business continuity plan requires a significant investment of time, money, and other resources. It also requires the full support of senior management. Getting approval from senior management to develop the plan is the first crucial step.
Definition and Scope
The planning committee should define the scope of the business continuity plan. This makes it possible to identify priorities.
Once the planning committee’s priorities are clear and reinforced with the commitment from top management, the team should begin the data collection phase of business continuation planning.
Business Impact Analysis
This phase determines the impact of a disaster on each department and identifies resources needed to resume critical business functions.
This phase is to develop strategies to resume business functions – the heart of the business continuity plan.
In this phase, you will finalize the business continuity plan. In many ways, however, a business continuation plan is always a work in progress. To be effective, it needs to be continually tested and adjusted to reflect changes in the business.
Testing and Monitoring
Establishes procedures for testing the business continuity plan.
Develop a system to update names, responsibilities, and contact information in the business continuity plan. Establish procedures for the planning committee to review and revise the continuation strategies frequently. Schedule quarterly or semiannual update meetings.
Traditional business continuity plans likely take natural disasters into account, but have you adjusted yours to include payroll redundancy in the case of a ransomware attack? Dairy leaders should take note of increasing cybersecurity issues within the industry and ensure you are able to keep your business running (and your employees paid) if a cyber event were to occur.
This blog post is derived from an article by Jim Brunker, originally published in the April 2022 issue of The Cheese Reporter. M3’s Food & Agribusiness professionals are regular contributors to the Cheese Reporter. Read the full article as well as other recent M3 articles on cheesereporter.com.