ATX Community

Here's a reason to not host your data


Abby Normal


In mid-December a large online payroll platform, "Kronos," was hacked with a ransomware attack.

Now, 6 weeks later, their payroll software still is not fully functional.

There are a number of governmental agencies plus many nonprofit health care systems that were using this software for timekeeping, human resource management and payroll.

 

"A month-old ransomware attack is still causing administrative chaos for millions of people, including 20,000 public transit workers in the New York City metro area, public service workers in Cleveland, employees of FedEx and Whole Foods, and medical workers across the country who were already dealing with an omicron surge that has filled hospitals and exacerbated worker shortages.

In the weeks since the attack knocked out Kronos Private Cloud — a service that includes some of the nation's most popular workforce management software — employees from Montana to Florida have reported paychecks short by hundreds or thousands of dollars, as their employers have struggled to manage schedules and track hours without the help of the Kronos software.

Though Ultimate Kronos Group, the company that makes Kronos, says that it expects systems will be back online by the end of January, affected employers say they don't yet know for sure when they will actually be able to access their systems and information.

The additional burden won't end once Kronos is back: Finance and human resources departments around the country face weeks of additional work bringing the manual records they have collected over a month or more back into the Kronos system. In the most severe cases, that backlog could delay issuing W-2s and other tax information."

There is a long list of news articles about this hack!

  • Like 1
  • Thanks 2

Hackers can find anything.  The key is to have backups, and to anticipate total data loss at any time.

Nothing wrong with having data securely online.  Of course, one has to plan for no connectivity, as well as total failure, which means you still cannot get away from local live data and local backups.  The recent well-known issue is not the first, nor will it be the last.  While there is uproar over the recent issue, more get upset when AMZ goes down and they cannot watch their streaming service.

In my case, I have been resisting adding a cloud component until the right solution came along.  It will be available this year, but includes a secure local copy of the data being maintained, not just online data.  Essentially it is a forced backup, with the online backup being the working data.  It will offer what many customers want, access from any allowed computer, such as home and office.

Heck, data issues are not always hacker related.  A couple times a month I hear from customers who are dealing with embezzlement and other employee-caused issues.

  • Like 2

SSNs cannot be considered private, and DOB (if even required to be stored, only in a handful of states at present) for regular payroll needs (not counting HR needs) are certainly not private.  The employer has a duty to not make the data any more public.  I can make a great case that allowing software to securely encrypt, then store online (encrypted again), is more secure than a desktop or laptop in any office, home, or wherever it may be.

There are people who are using known insecure OSes.  People who use no security, not even a Windows login.  And so on.  It really is (past) time to believe the end user knows the risks and responsibilities.  Back in the '90s, sure, most computer users were computer experts.  Now?  Maybe a small single digit percentage.

Heck, taking your computer to a "tech" is a risky adventure these days, as the "techs" are likely to resort to wipe and reinstall, rather than do any investigation, and they are very likely not to be able to restore or retain all data.

I am not saying online is the be-all and end-all solution, just a great way to lessen data loss due to human action/inaction.  I am saying proper online storage is exponentially more secure than data only stored locally.

The majority of my time is pondering and trying to prevent the most unthinkable human actions.  At some point, which may have even already happened, software has to be more about stopping things than actually doing things.

  • Like 2

Likely has already been hacked or compromised, just not "used" nefariously. Small fish in a big pond is a reasonable expectation, at least not to cause undue worry.  Hopefully, by now, those who have our data take even modest steps at security.  But we all know that is not true, which makes the worry pointless. It is free to monitor your finances and credit reports, even instantly, and if it came down to it, there are ways to get a new SSN.

  • Like 1

The Equifax hack exposed about 50% of all the SSNs in the US for everyone older than 18.

I agree that our SSNs should be private, but given all of the other hacks in the last 4 years they no longer are private.

The odds are better than 50/50 that your SSN is available for sale somewhere out in the dark web.

  • Like 2
