Cyber Risks & Liabilities: September/October 2018

In this Issue

Who’s to Blame if a Security Breach Affects Your Organization?

A recent survey found that 70 percent of consumers expect businesses to take responsibility in the event of a data breach. But who within your organization should take the heat?

Acronyms All Businesses Need to Know

As cyber security evolves, it’s easy to become overwhelmed with all the terms and acronyms used. This article lists some of the most common acronyms in cyber security.

Increase in Attacks Against 911 Call Centers Highlight Need for New System

There have been 184 cyber attacks on public safety agencies and local governments since 2016, and 42 of those attacks targeted 911 call centers.

Who’s to Blame if a Security Breach Affects Your Organization?

If a security breach affects your organization, your main focus may be to solve the problem as quickly as you can, not point the finger in blame. But your customers want to know why it happened and who was responsible, even if the breach occurred because of their own lax security measures (e.g., sharing passwords or opening suspicious emails). In fact, a recent survey found that 70 percent of consumers expect businesses to take responsibility in the event of a data breach. But who within your organization should take the heat?

The CEO

If an organization doesn’t budget enough for security solutions, the fault will likely be placed on whoever makes the financial decisions, stemming from the CEO. In fact, 29 percent of IT decision-makers who took part in a recent VMware survey thought that the CEO should be held responsible in the event of a large-scale data breach.

The CISO

Even if your company adequately budgets for cyber security solutions, 21 percent of IT security professionals surveyed would still hold your CISO accountable in the event of a data breach.

IT Personnel

According to a 2014 report, 95 percent of cyber security incidents are due to human error. That’s why personnel who manage IT security on a regular basis are easy targets for blame.

Other Employees

While accountability may start with the CEO and board of directors, everyone in your organization should take responsibility for cyber security. Even if you have the most modern cyber security technology, its return on investment will be nonexistent without full employee participation.

Increase in Attacks Against 911 Call Centers Highlight Need for New System

There have been 184 cyber attacks on public safety agencies and local governments since 2016, and 42 of those attacks targeted 911 call centers, according to cyber security firm SecuLore Solutions.

Over half of the attacks involved ransomware, in which hackers used a virus to control the emergency systems and hold them hostage for payment. Most of the remaining attacks were denial-of-service attacks, which involved a flood of fake calls that prevented call centers from addressing valid emergency calls.

Due to the vulnerabilities in the current 911 system and the fact that it doesn’t address the ways people communicate in the modern world—such as through texts—the emergency response industry is encouraging state and local governments to adopt a system called Next Generation 911.

The Next Generation 911 system will have advanced security and be able to seamlessly move incoming calls to other centers when needed. The new system also gives callers the choice of calling from a phone line or sending data through approved telecommunications carriers and internet service providers.

Next Generation 911 is expensive, however, and governments have been slow to adopt it. Plus, its increased connectivity also opens new potential means of attack, according to industry experts. Sophisticated defense systems run by in-house cyber security teams will be vital as the emergency response industry adopts any new technology.

Acronyms All Businesses Need to Know

Newsletter Provided by: Hierl's Property & Casualty Experts



Do employees know where to go in a health crisis?

Often, employees are unsure who they should go to first when they have a health crisis at work. Many employers don’t have a consistent process in place for addressing health crises. Read this blog post to learn more.


When talking to employers about their disability programs, I often ask, “Who do your employees go to first for assistance when they have a health condition?”

If I ask that question of a direct supervisor, it’s met with a quick response of “Me!”, which is quickly followed by the statement, “My employees know that my door is always open and I’m here to help them!”

Sadly, this is not true. Another insurance company recently surveyed employees who experienced a health condition in the workplace and asked that same question: Who did you go to for assistance? The responses varied.

For example, we found that at midsize companies with 100 to 499 employees, it varied:

· 44% went to their HR manager
· 33% went to their direct supervisor
· 18% went to their HR manager and direct supervisor
· 5% went elsewhere

What this shows is that many employers don’t have a consistent process in place for addressing employees with health conditions. This confusion or misunderstanding about whom to approach for assistance can create an inconsistent process for your clients and their workforce — potentially resulting in a negative experience for employees and lost productivity for employers.

Based on the survey findings, employees who worked with their HR manager tended to have a more positive experience and felt more valued and productive after speaking with them about their health condition.

For instance, 54% of employees felt uncomfortable discussing their health condition with their direct supervisor, versus only 37% of employees who went to their HR manager. In addition, 73% of employees who worked with their HR manager felt they knew how to provide the right support for their condition versus 61% of employees who worked with their direct supervisor.

There are several reasons why working with an HR manager can be more beneficial for employees, and ultimately, your clients. Typically, working with an HR manager can lead to more communication while an employee is on leave. Our research shows employees who worked with an HR manager were more likely to receive communication on leave and returned to work 44% faster than when they worked with their direct supervisor.

HR managers also are usually more aware of available resources and how to connect employees to necessary programs to help treat their condition. HR managers who engaged their disability carriers saw a 22% boost in employees’ use of workplace resources, such as an EAP, or disease management or wellness program, when involved in a return-to-work or stay-at-work plan.

This connection to additional resources is essential, as it can help employees receive holistic support to manage their health condition — whether it’s financial wellness support, connection to mental health resources through an EAP or one-on-one sessions with a health coach. HR managers also are usually able to better engage their disability carrier to provide tailored accommodations, which can help aid in stay-at-work or return-to-work plans.

Providing your client with these findings can help them understand the importance of creating a disability process that puts HR as the main point of contact. Not only does this create a consistent experience that helps provide employees with the support they need, it can improve employee morale and reduce turnover.

SOURCE: Smith, Jeffery (16 August 2018) "Do employees know where to go in a health crisis?" (Web Blog Post). Retrieved from https://www.benefitnews.com/opinion/do-employees-know-where-to-go-in-a-health-crisis


Safety Focused Newsletter - August 2018

Lower back injuries caused by improper lifting are some of the most common work-related injuries.

Safety Tips for Proper Lifting

Lifting is a common activity in the workplace—an activity that can be potentially dangerous if the proper techniques are not used. In fact, lower back injuries caused by improper lifting are some of the most common work-related injuries.

In order to protect yourself when lifting heavy items in the workplace, do the following:

  • Look over the load. Decide if you can handle it alone or if you need assistance. When in doubt, ask for help. Moving an object that is too heavy or bulky can cause severe injury.
  • Clear away any potential obstacles before carrying an object.
  • Use good foot positioning. Your feet should be shoulder-width apart.
  • Bend your knees. Bending over at the waist to reach for an object you want to lift puts strain on your back, shoulder and neck muscles.
  • Keep your arms and elbows as close to your body as you can while lifting.
  • Use your feet to change direction. Don’t twist your body.

Responding to a Workplace Accident

Accidents in the workplace can occur without warning, and it’s important to respond quickly to help those in need. In some cases, supervisors may not be around to provide the proper response guidance, and it’s up to employees to take action.

The following are some general tips to keep in mind if a co-worker is involved in a workplace accident:

  • Take control of the scene and try to restore order.
  • Call for emergency services if needed. Provide any immediate first aid, if you are qualified to do so.
  • Protect co-workers from potential secondary accidents. You can accomplish this by dismissing unnecessary personnel and denying access to the area.
  • Identify people at the scene. If they witnessed the incident, be sure to make a note of their names, as they can provide a report on what happened at a later date.
  • Notify upper management of the issue.
  • Do not put yourself in harm’s way.

Following an accident, follow up with your supervisor to ensure the appropriate paperwork is completed. Supervisors may require you to file an accident report or further detail what happened.

If you have any ideas of how the accident could have been avoided, share them with your supervisor or at a safety meeting. If your workplace does not have a first responder program in place, it may be a good idea to suggest it to your employer.

Trained first-aid responders can provide immediate care to workers who become ill or injured on the job. The quick response and training of these individuals can make all the difference following an accident.

Common First-Aid Kit Supplies

  • Sterile Saline Solution
  • Antibiotic Ointment
  • Gauze and Wraps
  • Scissors
  • Tweezers
  • Disposable gloves
  • Aspirin

Newsletter Provided by: Hierl's Property & Casualty Experts



4 actions HR departments should take to prepare for GDPR

In this article from Benefits Pro, we are going to take a look at the top four actions HR departments should take to prepare for GDPR. Continue reading:

A few years ago, Mark Cuban famously advised that data is the new gold. However, things have changed since the Cambridge Analytica and Facebook scandal as the public has become increasingly concerned with how companies are using their personal information.

As businesses prepare for the arrival of the General Data Protection Regulation (GDPR), leaders could be forgiven for thinking that data can become more of a liability than an asset – depending on its handling.

GDPR is a much-needed update to data protection that aims to strengthen and unify security for everyone in Europe. The legislation goes live on May 25, 2018 and will require all businesses to secure and manage the personal data of all individuals living within the European Union.

After years of gathering data, we are now entering a new era where trust and transparency are the new global currency. GDPR will affect all businesses that store any aspect of personally identifiable information of all individuals, both customer and employee, living in the EU, whether or not that business has an office there.

The scope of GDPR includes employee data, so it directly affects HR departments. As a result, companies need to update processes around the lifecycle of basic employee personal data such as health information and family details. There are many resources surrounding the topic, some of which include free, user-friendly materials published by the EU governments, in addition to those that act as “scaremongers” seeking to trick companies into paying for compliance help. What makes it most difficult for HR professionals is interpreting the rule, which was written broadly to address any type of personal data, and applying it to employee data and HR practices specifically.

Compliance cannot be achieved overnight, nor simply made ready for the big “go live” in May. An entirely new way of working to understand where every aspect of data is obtained, how it is used, and where it is stored needs to be put in place. In short, this is not a job for the IT department alone, but rather requires a highly collaborative effort across the company. Silos will need to be broken down to efficiently unify all departments such as sales, marketing, finance, IT, and legal to understand the scale of how much data businesses are actively storing. But what do HR professionals need to know?

1. Create new or updated privacy policies
New privacy policies likely need to be created and implemented to reflect the new rights of employees. Equally, all existing policies should be reviewed to determine which ones require updating to fall in line with GDPR’s transparency and accountability requirements.

In addition, a key difference between the current EU data rules and the GDPR is the emphasis on individual rights. Employees can now request that their data be completely erased at any time or request a copy of their data that’s on file. HR teams need to be prepared to uphold these demands.

2. Revisit outdated processes
Reviewing HR processes, like onboarding a new employee, will help reveal what data you’re collecting that you don’t necessarily have a need for. Minimization is key to successful GDPR compliance; less is more. Implementing minimization will likely require you to update protocols and rethink processes that include the requesting of personal data from employees. For example, the onboarding and transfer of employees will need to be revisited to ensure that data collection practices meet GDPR requirements. You may also need to revisit your record retention policies and processes for ex-employees.

Ask your partners and vendors for their GDPR and compliance plan as risk is shared when they handle employee data on your behalf…

3. Allow data access only to those who really need it
The rise of shadow IT and sensitive data being increasingly stored in the public cloud combined with malware in cloud SaaS applications are the more significant concerns. CIOs and IT leaders now have the power to implement stronger cybersecurity and secure data-management policies that will protect personal data now and in the future. Security elements of the legislation demand that appropriate technical and organizational measures are taken to ensure all employee data is kept safe. HR’s responsibility is to ensure that only those who need access to personal data to do their job have access to it. Making sure that the right people have the appropriate access levels within a digital HR platform – or keys to the file cabinet – is the secret to successful compliance.

4. Centralize your employee file management
Learning about and documenting every element of employee data, where it is stored, and who has access is a process made much easier with centralized digital files. Going forward, a digital system makes it possible for HR to implement and internally audit procedures that will ultimately provide them with visibility into compliance as well as potential vulnerabilities. GDPR and employee expectations mean companies need to shift from a reactive to a proactive approach. A digital system is necessary to give HR visibility across their data, securely manage access to the data and implement any policy changes at scale.

With GDPR, the stakes are increasing yet again for companies; HR now must think about collecting the least amount of data they need to get the job done and being completely transparent around its usage, rather than burying this information in complicated terms and conditions. Sure, this will dramatically change the way companies globally deal with EU citizens’ data, but it’s something to be embraced rather than feared. By showcasing implementation of these new data protection practices, a brand can actually build its reputation. While board members might fear the ramifications of the GDPR, we all know that the breach of company data is something far worse.

For these reasons alone, GDPR should be seen as an opportunity for every employee to focus on protecting their personal data or at least understanding their responsibilities. And for employers, take this opportunity to become more open to a review of outdated practices and to investing in and building technology that can complement this forward-thinking approach. Data protection compliance is now an ongoing priority, and it’s beneficial for all to take it seriously.

Source:
Gouchan A. (4 May 2018). "4 actions HR departments should take to prepare for GDPR" [web blog post]. Retrieved from address http://bit.ly/2wl6ZwU


Safety Focused Newsletter - March 2018

Health Tips for Shift Workers

For shift workers, unconventional schedules can take a toll on health and safety. In fact, research shows that people who sleep during the day often struggle with getting an adequate amount of rest.

What’s more, workers on a shift schedule tend to have poor eating habits and lack regular exercise, which can contribute to fatigue and stress. To combat these adverse health factors, shift workers should consider doing the following:

  • Get enough rest before your shift begins. Eating well and getting plenty of exercise can help you sleep. If you are experiencing insomnia or other sleep issues, speak with your doctor.
  • Take frequent breaks. If you begin to feel drowsy during the workday, consider going for a short walk or eating a healthy snack to re-energize.
  • Hold your employer accountable when it comes to rotating schedules. Working one shift over and over can take a toll, and it’s important to have occasional variety.

It’s important to be mindful about your scheduling, and avoid permanent or consecutive night shifts whenever possible. In addition, employees should be allowed to gradually change from night shifts to normal shifts, as this gives the body time to recover and adapt to a new schedule.

Fatigue due to poor quality or lack of sleep can affect every aspect of an individual’s life, and can severely hamper one’s ability to perform at work. Speak to a doctor if you are concerned about the quality of your sleep or want more general health tips.



CenterStage: February is American Heart Month - Are Your Loved Ones Knowledgeable?

Heart disease is the leading cause of death for men and women in the United States. Every year, 1 in 4 deaths are caused by heart disease, according to the American Heart Association.

Talking with your loved ones about heart disease can be awkward, but it’s important. In fact, it could save a life. At the dinner table, in the car, or even via text, have a heart-to-heart with your loved ones about improving heart health as a family. Engaging those you care about in conversations about heart disease prevention can result in heart-healthy behavior changes.

Source: Wellness Layers (27 June 2017). Retrieved from http://www.wellnesslayers.com/june-2017-american-heart-association-launched-its-new-heart-and-stroke-patient-support-network-and-patients-registry-powered-by-rmdy/

Here are three reasons to talk to the people in your life about heart health and three ways to get the conversation started.

Three Reasons You Should Talk to Your Loved Ones About Heart Health

#1. More than physical health is at risk

Millions of people in the US don’t know that they have high blood pressure. High blood pressure raises the risk for heart attacks, stroke, heart disease, kidney disease and many other health issues. Researchers are learning that having high blood pressure in your late 40s or early 50s can lead to dementia later in life. Encourage family members to be aware of blood pressure levels and monitor them consistently.

#2. Feel Younger Longer

Just as bad living habits can age you prematurely and shorten your lifespan, practicing good heart-healthy habits can help you feel younger longer. On average, U.S. adults have hearts that are 7 years older than they should be, according to the Centers for Disease Control and Prevention. Just beginning the conversation with the people in your life that you care about can begin to make changes in their heart health.

#3. You Are What You Eat

Even small changes can make a big difference. Prepare healthier versions of your favorite family recipes by making simple ingredient swaps; searching the internet is usually all it takes to find an easy ingredient alternative. Find a new recipe to cook for your family members, or get in the kitchen together and you’ll finish with something delicious and possibly make some new favorite memories as well. When grocery shopping, choose items low in sodium, added sugar, and trans fats, and be sure to stock up on fresh fruits and vegetables.

Three Ways to Start the Conversation

  1. Encourage family members to make small changes, like using spices to season food instead of salt.
  2. Motivate your loved ones to incorporate physical activity into every day. Consider a family fitness challenge and compete with each other to see who can achieve the best results.
  3. Avoid bad habits together. It has been found that smokers are twice as likely to quit if they have a support system. This applies to practicing healthier practices as well. Set goals and start by making small, positive changes; chances are they may make a big difference.

The key to heart health is a healthy lifestyle. It’s important to try to let go of bad habits that increase your risk of heart disease. By setting small, achievable goals and tracking those goals, you can possibly extend your life expectancy a little bit each day.

Heart disease can be prevented by making healthy choices and consciously monitoring health conditions. Making healthy choices a topic of conversation with your family and loved ones is a great way to open the door to healthier practices in all walks of life.



Understanding W-2 Reporting under the ACA

From our partner, UBA Benefits, let's take a look at W-2 Reporting under the ACA (Affordable Care Act) and how to better understand it:


The ACA requires employers to report the cost of coverage under an employer-sponsored group health plan. Reporting the cost of health care coverage on Form W-2 does not mean that the coverage is taxable.

Employers that provide "applicable employer-sponsored coverage" under a group health plan are subject to the reporting requirement. This includes businesses, tax-exempt organizations, and federal, state and local government entities (except with respect to plans maintained primarily for members of the military and their families). Federally recognized Indian tribal governments are not subject to this requirement.

Employers that are subject to this requirement should report the value of the health care coverage in Box 12 of Form W-2, with Code DD to identify the amount. There is no reporting on Form W-3 of the total of these amounts for all the employer's employees.

In general, the amount reported should include both the portion paid by the employer and the portion paid by the employee. See the chart below from the IRS' webpage and its questions and answers for more information.

The chart below illustrates the types of coverage that employers must report on Form W-2. Certain items are listed as "optional" based on transition relief provided by Notice 2012-9 (restating and clarifying Notice 2011-28). Future guidance may revise reporting requirements but will not be applicable until the tax year beginning at least six months after the date of issuance of such guidance.

Form W-2, Box 12, Code DD

| Coverage Type | Report | Do Not Report | Optional |
|---|---|---|---|
| Major medical | X | | |
| Dental or vision plan not integrated into another medical or health plan | | | X |
| Dental or vision plan which gives the choice of declining or electing and paying an additional premium | | | X |
| Health flexible spending arrangement (FSA) funded solely by salary-reduction amounts | | X | |
| Health FSA value for the plan year in excess of employee's cafeteria plan salary reductions for all qualified benefits | X | | |
| Health reimbursement arrangement (HRA) contributions | | | X |
| Health savings account (HSA) contributions (employer or employee) | | X | |
| Archer Medical Savings Account (Archer MSA) contributions (employer or employee) | | X | |
| Hospital indemnity or specified illness (insured or self-funded), paid on after-tax basis | | X | |
| Hospital indemnity or specified illness (insured or self-funded), paid through salary reduction (pre-tax) or by employer | X | | |
| Employee assistance plan (EAP) providing applicable employer-sponsored healthcare coverage | Required if employer charges a COBRA premium | | Optional if employer does not charge a COBRA premium |
| On-site medical clinics providing applicable employer-sponsored healthcare coverage | Required if employer charges a COBRA premium | | Optional if employer does not charge a COBRA premium |
| Wellness programs providing applicable employer-sponsored healthcare coverage | Required if employer charges a COBRA premium | | Optional if employer does not charge a COBRA premium |
| Multi-employer plans | | | X |
| Domestic partner coverage included in gross income | X | | |
| Governmental plans providing coverage primarily for members of the military and their families | | X | |
| Federally recognized Indian tribal government plans and plans of tribally chartered corporations wholly owned by a federally recognized Indian tribal government | | X | |
| Self-funded plans not subject to federal COBRA | | | X |
| Accident or disability income | | X | |
| Long-term care | | X | |
| Liability insurance | | X | |
| Supplemental liability insurance | | X | |
| Workers' compensation | | X | |
| Automobile medical payment insurance | | X | |
| Credit-only insurance | | X | |
| Excess reimbursement to highly compensated individual, included in gross income | | X | |
| Payment/reimbursement of health insurance premiums for 2% shareholder-employee, included in gross income | | X | |

| Other situations | Report | Do Not Report | Optional |
|---|---|---|---|
| Employers required to file fewer than 250 Forms W-2 for the preceding calendar year (determined without application of any entity aggregation rules for related employers) | | | X |
| Forms W-2 furnished to employees who terminate before the end of a calendar year and request, in writing, a Form W-2 before the end of the year | | | X |
| Forms W-2 provided by third-party sick-pay provider to employees of other employers | | | X |

Source:

Capilla D. (21 December 2017). "Understanding W-2 Reporting under the ACA" [web blog post]. Retrieved from address http://blog.ubabenefits.com/understanding-w-2-reporting-under-the-aca


Safety First - January 2018

According to NORC at the University of Chicago, 75 percent of the Americans affected by substance abuse are active in the workforce, and they’re more likely to seek treatment if it is initiated by their employer. Jan. 22-28 is National Drug and Alcohol Facts Week. Take this opportunity to educate your employees about the dangers of substance abuse with these and many more employee communication safety resources available from Hierl Insurance Inc.:

Playing It Safe

Struggling with Drugs or Alcohol? If you recognize that you have a problem with using drugs or alcohol, you have already completed the most important step on your road to recovery. Attempting to do your job well while dealing with your problem is very difficult—but you’re not alone. Of those over age 18 abusing drugs or alcohol, it is estimated that more than 70 percent hold down full- or part-time jobs.

Payroll Stuffer

How Does Substance Abuse Affect the Workplace? Drug or alcohol abuse in the workplace impairs your senses and judgment, putting both your job and your coworkers at risk. It has a negative effect on relationships, health care costs, productivity, and workplace safety.

If you are struggling with a drug or alcohol problem, confidential help is available. Take the first step on the road to recovery by contacting your HR representative today.

Playing It Safe

Dealing With Depression. Everyone feels sad or down at one time or another. For most, this feeling passes within a few days or weeks. But when a loss of interest in normal activities and feelings of sadness persist for a longer period, it may indicate more serious conditions, including depression.

Lifestyle Lessons

Treating Lower Back Pain. Lower back pain is one of the most agonizing and common health conditions in the world, as well as a leading cause of disability. According to the American Chiropractic Association, 1 in 4 adults will experience lower back pain for at least one day during a three-month timespan.


CenterStage: Effective Employee Benefit Communications

Welcome to our very first CenterStage of 2018! We hope you all had a warm, happy New Year. In this month’s CenterStage, we spoke with Tonya Bahr and Scott Smeaton on some helpful tips on “Effective Employee Benefit Communications”.

“It is not a one size fits all approach, each group needs to take a look at their population and decide what is best for them.” -Tonya Bahr, Hierl Employee Benefit Advisor.

  • Emails are efficient for targeting professional staff, especially companies that have companywide email addresses.
  • Letters or texts are the best way to communicate with field or labor employees.
  • A popular way to communicate is by meeting, whether it be a webinar or seminar. Often, companies will mandate that their employees attend informational sessions discussing benefits offered. This allows our clients to efficiently communicate a consistent message out to employees to help understand their benefits.

Paper VS Digital communications

Okay, not really because it’s not a competition!

“An online approach works really well for employees but it is also very important for the spouses to be engaged as well. We typically follow up the meetings with a deliverable the employee can bring home to their spouse. This not only allows the spouse to learn more about the benefits available to them, but it also reinforces what was covered in the meeting for the employee.”

-Tonya Bahr

Potential Impact of Good Communication

Good things come to those who wait…. except when understanding your benefits. The sooner employees become educated on why they have unique benefits, the sooner they will put them to use!

“Those who don’t understand benefits, don’t utilize them correctly. They are not good consumers of health care.” – Scott Smeaton, Hierl Executive Vice President.

It is important to understand your employee benefits not only for your own health reasons, but also so that you are able to recognize why your employer offers the unique benefits they do.

What differentiates Hierl and how they help effectively communicate benefits?

At Hierl, we look at each client as unique. What works best for one may not be ideal for another. It’s about really being able to understand the culture and provide different communication options such as presentations, visuals, emails, and website.

Hierl shines when it comes to giving employers/employees access to all forms of communication, specifically in the communication campaigns run throughout the year. By assessing the necessary points to communicate and then building quarterly and monthly campaigns around these objectives, Hierl brings unique, strategic solutions to explaining employee benefits. The evidence of communication strategies at work is apparent in the results gathered from clients.

“One of the ways companies can measure the success of their program is to measure employee satisfaction. By measuring employee satisfaction after communication campaigns, findings show that the more regularly benefits are communicated, the higher employee satisfaction goes up!” – Scott Smeaton

3 Key Points on Communicating Benefits

  1. Keep it simple- (no explanation needed!)
  2. Try different avenues- one person may prefer email while another prefers paper
  3. Communicate often- benefits communication should take place all year long

Editor’s Note: This article was originally published in August 2017 and was updated in January 2018 for accuracy.