All posts tagged employee

Despite Cyber Threat, Few Firms Train Staff in Security

cyberyai

Even the most up-to-date firewall and virus protection will not protect you against the biggest threat to your organization’s cyber security – your employees themselves.

Despite this only 45% of companies train their workers in how to prevent breaches, according to a new report released by the Ponemon Institute, even though 55% of organizations surveyed said they believe they had had a security breach caused by a malicious or negligent employee. And, 66% of respondents said employees are the weakest link in their efforts to create a strong security environment.

The report says also even when there is training, there are “critical areas that are often ignored.” According to the report:

  • 49% said training included phishing and social engineering attacks.
  • 36% said training included mobile device security
  • 29% said the course included how to use cloud services securely.
  • 67% said their organizations do not provide incentives to employees for being proactive in protecting sensitive information or reporting potential cyber threats.

 

With the obvious disconnect between employee training and the very real constant threat to any organization with a database, many companies are not doing enough on the personnel side to reduce the threat of cyber attacks, like hacking, malware and other malicious code.

Experian Data Breach Resolution, which sponsored the “Managing Insider Risk through Training & Culture” report, had the following recommendations of what employee training should cover to protect a business from cyber attack.

 

Basic courses should typically cover these topics:

  • Protecting paper documents
  • Securing protected data
  • Password security
  • Privacy laws and regulations
  • Data classification
  • Safe e-mail practices

 

Advanced courses should typically cover these topics:

  • Phishing and social engineering,
  • Responding to a data loss or theft
  • Mobile device security
  • E-mail hygiene.

 

Gamify training to make learning about potential security and privacy threats fun. Interactive games that illustrate threats for employees can make the educational experience enjoyable and the content easier to retain. There are new training technologies that simulate real phishing e-mails and provide simple ways to report potentially fraudulent messages.

Experian also recommends that employers provide incentives to employees for being proactive in protecting sensitive information or reporting potential issues. This could include a cash reward or gift card at a local coffee shop.

Another approach to changing behavior is to have clear consequences for negligent behavior, such as inclusion in the next performance review or a mandatory one-on-one meeting with a superior.

In addition to training, you should send regular messages to employees about security and privacy practices.

If you have had a data breach, you should require your staff to retake cyber security training. A breach provides the opportunity for you to train your staff about the importance of carefully handling sensitive and confidential information.

 

The stuff of cyber nightmares

Negligent and malicious behaviors that keep security professionals up at night:

  • Unleashing malware from an insecure website or mobile device (70%)
  • Violating access rights (60%)
  • Using unapproved mobile devices in the workplace (55%)
  • Using unapproved cloud or mobile apps in the workplace (54%)
  • Accessing company applications from an insecure public network (49%)
  • Succumbing to targeted phishing attacks (47%).

 

Insured protection

While you may have strong firewalls and a solid employee training program, if you do incur a breach, the fallout can cost you. A cyber liability insurance policy can pay for recovery costs, the cost of litigation and fines and notification costs you may incur.

Call us to see if a cyber liability insurance policy is right for your organization. The chances are extremely high that at some point, your systems will be breached.

FMLA, FLSA Lawsuits Surge, Exposing Employers to Large Awards

lawsuit

The number of employee lawsuits against employers for Family Medical Leave Act (FMLA) and wage and hour violations has skyrocketed in the last five years and your firm could be the next target even for a small misstep, which can be costly.

The Department of Labor has increased its budget and the number of investigators pursuing employers who violate the Fair Labor Standards Act (FLSA), which covers wage and hour complaints, including exempt and non-exempt employee violations, overtime violations and similar issues.

Employment law attorneys say that the surge in FMLA complaints is a result of more people knowing about the law as the DOL has expanded its reach and publicized the act in press releases about actions it has taken against various employers.

Also, they say, the term “serious health condition” is broadly defined, making it easy for employees to satisfy.

Here we take a look at the problem and what you can do to avoid being sued.

 

FLSA

Wage and hour lawsuits are typically filed under the Fair Labor Standards Act, and they’ve been creeping up, a trend employment lawyers attribute to more people working from home and technology, which has blurred the lines between when workers are on or off the clock.

 

FLSA cases filed:

Fiscal 2015: 8,160

Fiscal 2014: 7,500

 

Notable FLSA settlements from last decade:

Walgreens – $23 million

Wells Fargo – $15 million

Roto-Rooter – $14.2 million

 

What you need to know:

  • There are four main areas you need to be concerned with: minimum wage, overtime pay, record-keeping and youth employment.
  • Make sure you properly classify your employees as non-exempt or exempt (the minimum salary to be classified as exempt is currently $47,476 a year).
  • There are six exempt positions: executive, administrative, learned professional, creative professional, computer professional and outside sales staff.
  • Track exempt employees’ hours just in case.
  • Compute overtime properly.
  • Telecommuting can expose you to FLSA liability when employees work or send work-related e-mails outside normal working hours.
  • Employees must be compensated for time spent answering e-mails during off hours, including vacation.

 

FMLA

Qualifying reasons for FMLA leave, according to the DOL, include: birth of a child; a serious health condition that makes the employee unable to perform their work functions; and to care for a spouse, child or parent with a serious health condition.

The rapid rise in FMLA lawsuits is a direct result of the law becoming increasingly complex for employers to navigate, and its increased enforcement. The number of FMLA cases filed last year hit 1,108, almost a fourfold increase from the 280 that were filed in 2012.

 

FLMA cases filed:

2014: 1,108

2013: 877

 

Notable settlements or awards:

Staples Inc. – $275,000

Solvay Chemical – $1.5 million

Christ Hospital and Medical Center – $11.6 million

 

What you need to know

  • Post and distribute information about employees’ FMLA rights and include it in your employee handbook.
  • Don’t retaliate against someone seeking FMLA leave.
  • Develop an internal process for employees to use when applying for FMLA leave.
  • Make sure managers and supervisors apply your FMLA process consistently.
  • Be careful to balance any pushback against the employee, but you have the right to ask for more information from the employee and their doctor. And you can monitor the use of FMLA days.

The Delicate Subject of Cash in Lieu of Coverage

hdhp building blocks

What if you hire a new employee, who rejects your offer of health benefits because they want to stay on their spouse’s plan and they ask for a higher rate of pay instead?

The “employer shared responsibility” requirement of the Affordable Care Act bars employers – with the threat of a $36,500 penalty – from giving an employee cash with which to purchase health insurance on their own.

But how about if you are just increasing their pay based on the fact that you are not shelling out a higher amount for the employer portion of their premium?

Employment law attorneys have been receiving more queries about how to deal with such a request, and in this article we’ll explore how employers can legally do so as long as they are willing to deal with the downsides and potential for conflict with regulators.

To make sure they protect themselves, some employers require employees that opt out of the company health plan to certify that they have other coverage. This is also a questionable move that can have certain ramifications for employers.

It is legal to offer employees cash in lieu of health plan benefits, but it has to be done appropriately through a cafeteria plan that includes a “cash-in-lieu” agreement. If they opt out for cash in the agreement, they will be taxed on those funds as if they were wages.

Just remember that:

  • Cash should not be provided to enable an employee to purchase an individual policy in the open market or an exchange.
  • The written language of your cafeteria plan must clearly state that each eligible employee has the option to either enroll in the benefits or receive cash.
  • The agreement must be under the auspices of your Section 125 cafeteria plan. It cannot be an oral arrangement. The language in your plan must include wording explaining that only those employees who choose the cash option will be taxed on the cash that they receive.
  • The cash amount must be uniform for all employees. If not, you could be creating another problem for yourself: that your plan could fail the non-discrimination test of the ACA.

 

What you should do

If you offer or are planning a cash-in-lieu arrangement, you should talk to us or an employee benefits attorney first. You need to make sure that:

  • You are not opening yourself up to scrutiny by regulators or the tax authorities, and the resulting penalties.
  • You ask if you should require that employees sign a statement affirming they have coverage from another source.
  • The option does not result in employees who opt in to your group health plan being taxed.
  • You offer the option only through a cafeteria plan.
  • Your Section 125 plan document is updated with the appropriate language to show that employees choose either to enroll in benefits or to receive cash.
  • Your plan-related materials are updated to ensure that the option is disclosed to all eligible employees.
  • All written waivers for coverage include the cash-in-lieu option, and that employees clearly indicate that they are waiving coverage that the employer has offered as required under the ACA and the employer mandate.
  • You offer the opt-out option to all eligible employees, not to just a select few.

 

 

 

 

 

 

Court Says Okay to Fire Medical Pot User Who Fails Drug Test

potlaw

As more and more states legalize marijuana for personal or medical use, employers have grown increasingly concerned about what they can and cannot do to enforce their existing drug policies.

A federal court in New Mexico has dismissed a case brought by an employee who was terminated after testing positive for marijuana, despite the worker having a medical marijuana card. The worker had claimed disability discrimination.

The lawsuit is a victory for employers who maintain a zero-tolerance policy towards drug use, even if it’s not being done at work.

In the case, Garcia vs. Tractor Supply Company, a new employee at a New Mexico company had told the hiring manager during his job interview that he was using marijuana for medical purposes (as allowed by state law) to alleviate his Aids symptoms.

Despite that, he was hired and, like all new hires, he was administered a drug test, which he failed.

The following day, he was fired in accordance with the company’s zero tolerance towards employee drug use.

Shortly thereafter, the employee filed a lawsuit accusing the company of disability discrimination and that under the Americans With Disabilities Act the employer was obliged to accommodate his medical condition by allowing his medical marijuana use.

The judge disagreed and dismissed Garcia’s claim.

 

What you need to know

While this case was in New Mexico, the federal court’s ruling mirrors similar cases in other states with medical marijuana laws or outright legal pot use, including California, Washington, Oregon and Colorado.

In each of these states, the highest court in the jurisdiction ruled that employers did not have to accommodate the medical marijuana by job applicants or current employees.

The gist of all these lawsuits and decisions is that even though a state decriminalizes pot for medicinal use, it does not mean that employers have to allow their workers to use it.

All of the courts have also cited the fact that marijuana is still illegal under federal law.

Employers, then, can have policies that prohibit its use on the job, or even if an employee or job applicant tests positive for the drug.

That said, three states – Arizona, Connecticut and Delaware – have laws requiring employers to accommodate medical marijuana users.

So, even if you are located in a state where the law permits you to terminate anyone who fails a drug test, you need to make sure that you are enforcing your policies consistently in order to avoid legal liability.

If you let one of your employees get away with it, you would be eroding your chances of successfully defending a discrimination lawsuit if you fire another worker for medical pot use.

That’s because it might look like you are targeting that employee for punishment because of the underlying medical condition that led them to use marijuana in the first place.

In the above case, the court sided with Tractor Supply Company because it had enforced its policy consistently by terminating all others who had failed the company drug test. It also found no evidence of disability discrimination on the part of the employer.

Employment law attorneys also recommend that you train your managers to not make disparaging remarks about medical pot, particularly when interviewing prospective employees.

 

IRS extends ACA reporting deadline for employers

wrightandkimbroubgh

The IRS has extended the deadline for reporting health plan information for 2015 under the Affordable Care Act.

Starting this year, applicable large employers (those with 50 or more full-time or full-time equivalent employees) must report whether an individual is covered by minimum essential coverage and that an offer of minimum essential coverage that provides minimum value was made to each full-time employee. This is done in form 1095-B and 1095-C.

Under a notice issued on Dec. 28, the deadlines for furnishing employees with the 2015 Form 1095-B (Health Coverage) and Form 1095-C (Employer Provided Health Insurance Offer and Coverage) have been extended from Feb. 1, 2016, to March 31, 2016. These forms explain to the employees their health benefits that you provide, if any.

The same notice also extended the deadline for filing with the IRS Form 1094-B (Transmittal of Health Coverage Information Returns), Form 1095-B, Form 1094-C (Transmittal of Employer-Provided Health Insurance Offer and Coverage Information Returns) and Form 1095-C.

The deadline for filing electronically has been moved to May 31 from Feb. 29. If filing by paper, the deadline has been moved to June 30 from March 31.

‘Cadillac Tax’ Delay Gives Employers Relief

cadillac tax dollar

Employers and their staff will get some relief for another few years from the impending “Cadillac” health insurance tax after Congress approved a delay as part of the budget deal it approved.

President Obama has said he will not veto the new budget, which means that the excise tax will not take effect until 2020, instead of 2018. While some analysts predict that the delay is a precursor to an outright repeal of the tax, benefits experts say it is unlikely to dampen ongoing efforts by employers to rein in their health insurance costs.

Under the Affordable Care Act, the Cadillac tax will be applied at a rate of 40% on any premium in excess of certain thresholds, currently set at $10,200 for an individual policy and $27,500 for family policies. Those thresholds will change annually based on the rate of inflation.

Under the law, health insurers are required to pay the tax, but they are expected to pass on the tax to group health plans, which will result in both employers and employees paying it in the end.

Employer groups lauded the delay. The Washington-based American Benefits Council, which counts mostly large employers as its members, said it considers the delay a “down payment on a full repeal.”

Other employer groups said they would use the extra time to further explore ways to keep their policies under the Cadillac threshold.

The tax is designed to dissuade the use of more expensive and generous plans, which many health care pundits blame for over-utilization of health services. The tax is also expected to help pay for subsidizing health insurance costs for low-income individuals purchasing plans through public exchanges.

Despite the delay, employers are likely continue to seek out ways to reduce their overall health insurance spend, which continues to increase every year, albeit at lower rates than we saw in the decade prior to the ACA.

Group health plan costs rose 3.8% in 2015 from the year prior to an average $11,635 per employee, according to Mercer Benefits.

 

Cadillac tax is serious business

According to an August 2015 survey by the National Business Group on Health, 72% of employers expected at least one of their benefit plans to hit the excise tax in 2020 if they didn’t control costs.

According to the bipartisan nonprofit Committee for a Responsible Federal Budget, delaying the Cadillac tax until 2020 would cost the government $16 billion. Repealing it would cost $91.1 billion over the next 10 years, the committee said recently.

There was another caveat in the budget bill. It requires the U.S. comptroller general and the National Association of Insurance Commissioners to conduct a study of whether the ACA uses “suitable” benchmarks to determine if the tax should be adjusted to reflect age and gender factors in setting the thresholds for levy.

 

What you can do

According to the International Foundation of Employee Benefit Plans’ “2015 Employer-Sponsored Health Care: ACA’s Impact Survey,” 34% of employers had started taking action to avoid triggering the 2018 Cadillac tax.
Actions include moving to a consumer-directed health plan (53%), reducing benefits (37%) and adopting wellness and preventive initiatives (28%).

You should run a financial projection to determine if your organization is expected to be affected by the Cadillac tax. If you expect to be impacted, talk to us about cost mitigation strategies and keep an eye out for upcoming proposed regulations.

As long as the tax hasn’t been repealed, the smart money is to stay on top of it.

Why Slips, Trips and Falls Are So Hard to Avoid

Slips, trips and falls constitute the majority of general industry accidents, cause 15% of all accidental deaths, and are second only to motor vehicles as a cause of fatalities.

With those stark realities, any employer that fails to guard against these preventable accidents is asking for an injury to occur. And despite all of American employers’ best efforts, slips trips and falls:

  • Result in more than 95 million lost work days per year (or about 65% of all work days lost).
  • Account for nearly 25% of all reported injury claims every year.
  • Accounted for a 17% increase in the number of deaths from such accidents in 2013, compared to the prior year.

 

Obviously, there is a disconnect between employer safety measures and the outcome.

A December 2014 survey of almost 1,300 safety professionals, carried out by Safety Daily Advisors, found the “big three” causes of slip, trip and fall incidents are:

  • Human factors – 54%
  • Wet or slippery surfaces – 25%
  • Poor housekeeping – 16%

 

While you can put in place stringent safety procedures, require fall-protection equipment and install non-skid surfaces, there is one thing that is hard to control: the human factor.

That’s why it’s important to instill in workers the importance of:

  • Immediately cleaning up spills,
  • Closing file drawers when done,
  • Picking up loose items from the floor,
  • Keeping aisles and walkways free from clutter, and
  • Keeping their personal workspace clean and orderly.

 

But it doesn’t pay to tell them once. Regular reminders can help instill safety mindedness like the above.

Slippery surfaces are one of the biggest challenges a business faces in protecting its employees – and customers, for that matter. It’s important, then, that you know in which types of area slippery surfaces are likely to occur. You should pay special attention to these high-risk areas:

  • Parking lots, especially in areas where water is pooling,
  • Sidewalks,
  • Food preparation areas, where grease and water can cause hazards, and
  • Non-carpeted entryways or lobbies.

 

Conduct walkway audits to identify safety issues, so that you can develop plans to eliminate them. The plans need to account for varying weather conditions.

Besides those physical aspects, also remind employees to wear proper shoes when it’s raining and not to rush when walking in those areas during rainy days.

The problem is that walking is something we do almost automatically and these days many people are distracted, reading and texting on their smart phones while walking, or maybe lost in thought about their weekend plans.

Distraction results in blindness to their surroundings. Moreover, their emotions, sense of urgency, fatigue or complacency can take over.

But training your employees to be more mindful in areas with slip, trip and fall hazards is not as simple as telling them to “pay attention” or “don’t get distracted.”

Changing behavior is not easy and it takes time and commitment, but the best solution is a behavior-based safety approach.

The first step you need to take is to help your employees become aware of unsafe habits and analyze their mistakes. These include:

  • Walking with caution and making wide turns at corners.
  • Test footing before committing weight.
  • Opening doors with caution.
  • Using railings on stairs.
  • Ensuring there are three points of contact on ladders and equipment.
  • Looking before moving.
  • Wearing appropriate footwear.
  • Being aware of weather forecasts.
  • Pushing (rather than pulling) carts to allow a better line of sight.
  • Keeping eyes and mind on task; no multitasking.
  • No texting or talking on phone while walking.
  • Being alert for trip hazards.
  • Recognizing dangers of walking on ice.
  • Taking designated walkways, rather than shortcuts.
  • Not wearing sunglasses in low-light areas.
  • Reporting all potential hazards.

 

It will take time and effort to change employees’ perception of risk and personal responsibility. But with a proactive approach that builds a culture and fosters an attitude and behavior that puts safety first, workplace injuries will be reduced.

 

On your end, you can:

  • Implement good housekeeping practices.
  • Provide proper lighting, traction aids and require safe footwear.
  • Keep walking surfaces clean and in good repair.
  • Install railings and guards.
  • Display warning signs in high-risk areas (‘slippery when wet’-type signs).

safety-poster

Want to Reimburse Your Staff for Health Premiums? A $36,500 per-employee Fine Lurks

By now, most business owners know about the yearly $2,000 per-employee fine they would face for not securing health coverage for their employees under the Affordable Care Act.

But there is even a larger fine that threatens under recent regulations issued by the IRS – and it’s not for failing to secure coverage.

It’s for helping them secure coverage from a public exchange or open private market. And it applies to ALL employers, even those that are small enough to not be required to provide insurance for their full-time employees under the ACA’s employer mandate.

The fine? Up to $36,500 a year for each worker!

Under the new IRS regulations, issued July 1, employers who do not offer a group health plan, but give their workers additional pay to compensate for the purchase of health insurance or direct medical expenses, can be fined $100 per day, per employee. Over the course of a year, that’s $36,500 per employee – up to $500,000 in total.

The penalty applies whether the reimbursement is considered a before-tax or after-tax contribution.

 

Small businesses, beware!

Employers with fewer than 50 full-time employees are the ones that really need to watch out for this law, since the employer mandate does not apply to them.

The rule appears nowhere in the ACA, yet the IRS created the penalty while writing the regulations that implement that landmark health insurance reform law.

In essence, the National Federation of Independent Business has come out against the regulations, writing in a blog:

“The rule punishes small businesses for providing the only health insurance support many can afford – a contribution to help employees pay premiums for their individual or family health insurance policies or to help finance direct payment for medical services.

“Reimbursing employees for the cost of insurance or medical services is a way for small businesses to help their workers without the administrative headaches of setting up a costly group plan,” the blog quoted Kevin Kuhlman, policy director for the association, as saying.

“There’s no real justification for penalizing small businesses that do what the law’s strongest supporters claim to want, which is to help employees obtain coverage or pay medical bills,” he said.

Here are some things you need to know about the regulations:

  • The $100 per-employee per-day penalty cannot be assessed on employer payment arrangements that have only one participating employee. Therefore, your business can still use such an arrangement to reimburse one employee for his or her individual health insurance premiums without the penalty.
  • The IRS had been offered a temporary penalty exemption to small employers that reimburse or pay employee health premiums between Jan. 1, 2014 and June 30, 2015. A small employer is defined as one with fewer than 50 full-time employees (including full-time equivalent employees) during the prior year. That relief has now expired.
  • Many S corporations have set up employer payment arrangements to cover individual health policy premiums for employees who also own more than 2% of the company stock (more-than-2% shareholder-employees).

IRS Notice 2015-17 exempts such plans from the $100 per-employee per-day penalty for health premiums reimbursed or paid by S corporations between Jan. 1, 2014 and Dec. 31, 2015. The bottom line: through year-end, there is no risk of incurring the penalty for S corporation employer payment arrangements that benefit only more-than-2% shareholder-employees. However, S corporation employer payment arrangements that benefit other employees are still exposed to the penalty.

 

Is help on the way?

The business community has agitated and made its concerns heard by lobbying for a fix on Capitol Hill, and legislation to repeal the regulations has been introduced in both houses of Congress.

Rep. Charles Boustany has introduced legislation in the House, (H.R. 2911), and Sen. Charles Grassley in the Senate, (S. 1697), to remedy the problem. Both bills await congressional action.

bigmoneylek