The ADP breach is a good reminder to always be on the lookout!

You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant, ADP, was compromised by identity thieves, resulting in the loss of tax and salary data. 

Here at Venminder, we learned of it through our monitoring service Security Scorecard and wanted to be sure to let our customers know.

Check your incident response plan

In an era when information security breaches are an all-too-common event, it’s a good reminder to check your incident response plan and make sure it’s up to date and put it into action as it pertains to ADP. The business manager at your company who is responsible for ADP should reach out and officially ask for their own response, as well as their root cause analysis and planned follow up actions.

It does not appear that any sort of vulnerability or technical breach at ADP contributed to the incident, so it’s important that all firms involved with ADP understand their vital role in applying the appropriate complementary controls.

Follow up

According to the article, ADP is notifying their clients and internal communications are going out at firms that may be impacted. Even so, it’s worth continuing to monitor the news for follow ups or reports of follow up activity. There are a variety of ways to do that and we’re here to help as well with solutions.

You should also look at your risk assessment on ADP and be sure it’s updated to reflect any insightful findings. Remember, documentation at this point is key because you’ll want to be able to evidence what steps you took to handle the situation and also to remind yourself next time you’re doing due diligence or writing the risk assessment things you may want to investigate further.

It’s a scary world sometimes and when even the industry giants like ADP aren’t immune, it’s a good time to remember these things can happen anytime, so make sure your response plan is sound, your due diligence is thorough, risk assessments updated and all potential impacts documented. We have products, services and a highly experienced team ready to help.