Some HR and payroll systems could be affected by the Heartbleed bug

-

shutterstock_130285649

Security experts have advised that the Heartbleed computer bug risks extend beyond just websites and are warning UK SMBs to check that their HR and payroll software is not at risk. Using vulnerable OpenSSL code which may be found in some SaaS (software as a service) or online web platforms, the widespread bug could enable hackers to compromise systems undetected and collect sensitive personal and financial data and even the decryption keys themselves.

With HR systems holding personal information such as bank details, passport numbers and payroll information, companies need to ensure this data is secure. Paul Beaumont, Managing Director of Octopus HR, says: “It is vital to know that your software provider takes its responsibility to security seriously and invests accordingly. Octopus HR invests heavily in the security infrastructure around its system and has been unaffected by the Heartbleed bug which, whilst hitting the headlines now, has actually been around for the last two years.”

“While I’m pleased to say that Octopus HR has not been affected by this security flaw there may, however, be some providers whose software has been vulnerable to an attack. Organisations that use a SaaS HR system are strongly advised to check with their provider whether their HR system is hosted on servers having used any of the affected versions of OpenSSL. If it does, they have been, and still are, vulnerable to hackers.”

HRreview Logo

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

“Companies whose providers are using OpenSSL will have been susceptible to an attack so all users with access to the system will need to change their passwords. However, it is important to check that the software provider has implemented all required security patches and revised their SSL certificates first or any new login details will also be at risk.”

Organisations can check to see whether their provider uses OpenSSL by pasting the URL used to login to the system (beginning withhttps://) into a free online tool.

Latest news

England’s overnight World Cup clash and 5am pub opening prompt CIPD advice

The CIPD is urging organisations to agree any flexibility before England's 1am World Cup last-16 tie to help minimise disruption at the start of the working week.

Russell Cowley: Gen Z – rebuilding workplace culture, break by break

Gen Z workers are taking proper breaks and in doing so, they may be fixing something the rest of us broke.

Fit for Work: Weekend warrior? You can still reap the health benefits

Weekend exercise can still improve long-term health, even for people who struggle to fit physical activity into the working week.

Superdry co-founder’s victim warns workplace power can silence abuse victims

A survivor's account raises questions about speaking-up cultures and accountability in organisations.
- Advertisement -

UK’s always-on work culture ‘driving employee burnout’

Nearly half of UK workers say they end most working days mentally exhausted as rising workplace pressure leaves employees and managers struggling to switch off.

Andrew Murray on why no two days look alike

A people development leader shares how travel, training and a passion for helping others shape a working day with little room for routine.

Must read

Wouter Durville: What is the most successful way to recruit?

Applying for a job with a resume is no longer the best way to find work, argues Wouter Durville.

Richard Evens: Too many managers breaking health and safety rules

Research released last week revealed that a shocking two...
- Advertisement -

You might also likeRELATED
Recommended to you