In the US, cyber-attacks happen as often as every 39 seconds. As technology becomes more integrated into our personal and professional lives, prioritizing cybersecurity measures is critical.
Unfortunately, PrismHR, one of Nextep’s technology partners, was recently targeted by one of these threat actors, leading to a disruption in service for portions of Nextep’s online account.
One of our core values and something we pride ourselves on is transparency. Now that we have more details, we want to share what we know about the cyber event PrismHR experienced.
On Sunday, February 28, PrismHR discovered activity in their systems and took immediate action with their cybersecurity company. Unfortunately, this meant they needed to disable access to their systems to protect the integrity of their software and data. This is why portions of the Nextep account were temporarily unavailable while PrismHR diligently worked to restore service. As soon as we were aware of the service disruption, we began communicating with client leaders.
PrismHR’s cybersecurity team confirmed that, at this point, there is no evidence that any data has been compromised or accessed without authorization. During the incident, Nextep’s service teams worked tirelessly to manually process payrolls to ensure clients were paid on time while PrismHR worked to bring their systems back online. PrismHR has also released an official statement reporting the cyber event and reassuring that there was no theft or unauthorized access of data.
As the week came to an end, functionality was restored to PrismHR’s systems, and Nextep reached out to clients again to offer information on what comes next and additional support.
As a SOC 2 Type 2 certified organization, PrismHR applies processes and procedures to ensure technology and data are secure. We are confident in the steps they have taken to handle this incident and commend the swift action taken to secure data. Nextep also has the SOC designation, which means keeping your data secure is part of our day-to-day operations.
Cybersecurity is something we don’t take lightly.
Our IT team has a serious knack for taking every measure possible to ensure the integrity of our networks, client systems, and communications. While this cyber event was not ideal for anyone involved, we remain as committed as ever to protecting your information as a trusted partner to your business. Here are just a few of the security measures we have in place at Nextep to keep our employees and clients safe:
- We work with partners who hold compliance accreditations like SOC 2, FedRAMP, HIPAA, NIST 800-34, NIST 800-53, NIST 800-171, and FIPS 140-2 validation
- Secure communication with partners via SSL/TLS and encrypted emails
- Multiple levels of offsite and cloud-based data backup and replication
- Electronic access control and surveillance systems at our office locations
- Hard drive encryption on all mobile computers
- Monthly cybersecurity training for all employees
- Automated system and data monitoring tools
- Anti-malware systems
On top of extensive security measures, we also hold a robust cybersecurity insurance policy, as does our partner, PrismHR. It provides an additional layer of protection to help us mitigate any negative impact on our clients and our business in the event of a cyber-related incident on our systems.
We know this situation was difficult for all involved, but we want to assure you that there is still no evidence of unauthorized access, misuse, or theft of client data at this time. We simply can’t apologize enough for the disruption.
When we say we’re serious about cybersecurity around here, we mean it. Elevating the employment experience for you and your employees is one of Nextep’s guiding principles, and we have teams of relentlessly dedicated experts to ensure we can continue doing just that, no matter what stands in our way.
For more information about the PrismHR outage, please check out our webinar below.