Akira Ransomware Targets SonicWall VPN: A Wake-Up Call for HR and Business Leaders
In mid-2025, cybersecurity experts uncovered a series of targeted cyberattacks exploiting SonicWall SSL VPN appliances, used by many organizations for remote access. These attacks were linked to the Akira ransomware group, a threat actor known for encrypting data and demanding ransom while threatening to leak stolen information.
What’s especially concerning is that these intrusions affected systems that were fully updated and patched, indicating that Akira may be using a zero-day vulnerability - a flaw not yet known to the software provider or the public. Once inside, attackers bypassed login protections and quickly accessed sensitive systems, launching ransomware that locks up data and extracts confidential files.
Why This Matters to HR Professionals and Business Owners
This attack isn’t just a technical issue—it’s a business and people issue. Akira’s tactics target the core of your operations: your employee and business records.
If your HR files, payroll data, or internal communications are encrypted or leaked:
- You may face legal and regulatory consequences for exposing employee personal information. NYS has specific laws ensuring employers protect employee personal information.
- Business continuity could be disrupted, affecting payroll processing, compliance audits, or talent management.
- Trust with employees, clients, and partners could be damaged, especially if sensitive data becomes public.
Actionable Steps You Can Take
Even if you don’t manage IT systems directly, you play a vital role in protecting your organization’s data. Here’s how:
1. Ask Your IT Team the Right Questions
- Are we using SonicWall VPNs?
- Have they been restricted or taken offline due to this vulnerability?
- Are all remote access points protected with multi-factor authentication (MFA)?
- If you don’t have an internal IT team or an external IT partner, consider partnering with one. There are quite a few IT solutions providers that are Greater Rochester Chamber members. Check out our Membership Directory to explore options.
2. Understand Where Your Data Lives
HR records are often stored in multiple systems—cloud HR platforms, internal drives, even email. Ensure your business has secure, encrypted backups of all critical files, and ensure that those backups are protected from cyberattacks. Consider whether to employ offsite storage for that purpose.
3. Limit Access to Sensitive Information
Ensure only authorized personnel can access HR and business records. Periodically review who has access and remove permissions for users who no longer need it.
4. Educate Employees About Cyber Risk
Cybersecurity is a team effort. HR can lead the way by promoting safe remote work practices, strong password habits, and vigilance against phishing, as well as annual training so employees can recognize attempts to gain access to your network, emails, etc.
5. Be Prepared for an Incident
Have a plan in place. Know who to contact—internally and externally—if a data breach or ransomware attack occurs. Ensure your business continuity and disaster recovery plans include employee data protection. And inform employees of their role.
Bottom Line: As cyber threats become more targeted and sophisticated, business owners and HR professionals must work closely with IT to protect the organization’s most valuable assets - its people and their information. The Akira attack is a stark reminder: data security is no longer just an IT issue - it’s everyone’s responsibility.
Greater Rochester Chamber understands the importance of helping businesses protect their systems, records, employees, and clients. That is why we partnered with Brown & Brown to launch the Cyber Consortium for members a few months ago. As you know, cyber insurance helps protect your business from the costly impact of cyberattacks, including data breaches, ransomware, and business interruptions. It also provides access to experts and resources to help you respond quickly and recover effectively in the event of a cyber incident. This service is available to chamber members in all industries except Bitcoin- and Cannabis-related organizations. However, please note that this consortium is currently only open to those not part of an existing consortium through Brown & Brown.
To learn more about the consortium and/or to request a copy of the information meeting recording and materials, contact Kathy Richmond, Sr. Director, HR Services.