HR Elements Content Provided by our Partner, United Benefit Advisors.
In an article from SHRM.org, Natalie Kroc addresses how technology is impacting security measures.
Original post from SHRM.org on June 16, 2016.
It wasn’t the latest gadget or platform or program that the speakers discussed at a recent conference session on how to keep teleworkers and remote workers connected. Instead, it was the most basic of modern technologies that kept being stressed:
E-mail. An Internet connection. Maybe a webcam (though this proved controversial).
“I am a Millennial, and I … primarily communicate through e-mail,” said Greg Caplan, founder and CEO of Remote Year, a year-old startup that has brought together a group of 75 people to travel the world while holding down various remote jobs. Caplan believes that, for work purposes, e-mail is still king.
The other panelists at the Telecommuting, Remote and Distributed (TRaD) Works Forum, held June 9-10 in Washington, D.C., agreed that the simplest of technologies can successfully keep offsite employees connected. TRaD refers to the different kinds of offsite employees: Telecommuters are those who work from home sometimes, remote workers do their entire jobs from home and a distributed workforce is when an organization doesn’t have a physical location so its employees all work remotely.
Employees who work offsite only need “an Internet connection. Anything else we can work around,” said Carol Cochran, director of people and culture for Boulder, Colo.-based FlexJobs, a job search site that focuses on telecommuting, part-time and other flexible work opportunities. FlexJobs was a co-host of the forum.
Organizations may want to consider providing their remote workers a cellphone with Internet capabilities as a backup. This all but guarantees that employees will be able to work—even if they are having difficulties with their home Internet connection.
A chat function can be useful as well, if the work that employees are doing would benefit from the ability to reach out and have real-time conversations.
Many organizations that employ remote workers have the routine of a “daily huddle” or something similar, wherein employees are expected to check in at the start of the day, whether in a brief meeting or by writing their day’s plans in a shared document.
When an organization’s workforce is made up of remote or teleworking employees, or a mix of offsite and onsite workers, it’s especially important to use the time when everyone gets together effectively. Meetings should be “30 minutes, if not 15 minutes, instead of an hour,” Cochran said. If certain employees are inclined to speak for long periods of time, establish a time limit—and then stick to it.
Video: Love It or Hate It
“I hate video,” Cochran said. “I’m really reluctant to put it on, it’s so awkward.” FlexJobs uses it only rarely, and even then it’s often for social occasions. Cochran said she has found that workers become preoccupied knowing they are being viewed on screen, and worry about their hair and clothes and background surroundings.
This was a point of fierce contention among the panelists and forum attendees alike, though. Some organizations believe that video is essential, and that any initial awkwardness that employees may feel will disappear with habitual use.
Alex Konanykhin, CEO of Transparent Business, a platform that aims to help companies that employ teleworkers and freelancers, offered a solution: Get the organization’s leaders to work from home—and to exercise right before the meeting. When they dial in, they should be in full post-workout gear, including messy hair or a baseball cap. “All it takes is one time” of seeing that, he said, to have a workforce that can be comfortable with being on screen.
Video is a way of giving voice to remote workers and “making them feel part of the organization,” he added.
For those organizations that decide to incorporate webcams into the remote-worker experience, the panelists had some advice:
Adopt New Tools Cautiously
The speakers had their individual favorites among newer technologies, such as messaging app Slack, electronic signature platform DocuSign, Google Drawings for collaborating on charts and diagrams, and Zoom for streamlining remote communications. However, the panelists also derided many new offerings as being unnecessarily confusing and others for seeming to be more about entertainment than practical application.
Tools that are adopted by an organization need to be fully embraced by both remote and onsite workers, the speakers agreed. “When you take on a tool, you have to have a very clear expectation of how it is to be used,” Caplan said. “And that’s just culture.”
That said, it’s important for organizations to pick their tools wisely. Each new tool should represent an improvement from whatever employees were using before to accomplish a particular task. And while entertainment shouldn’t be a priority, each new tool should make employees’ jobs easier, the panelists said.
“Why do people love Facebook?” asked Konanykhin. “It’s instant gratification.” Employees expect the same ease of use and sense of satisfaction with the tools they use for work.
Natalie Kroc is a staff writer for SHRM.
See the original article here.
Kroc, N. (2016, June 16). Rethinking the modern accumulation of technology [Web log post]. Retrieved from https://www.shrm.org/ResourcesAndTools/hr-topics/technology/Pages/Rethinking-the-Modern-Accumulation-of-Technology.aspx
Do you have a collection? Some people collect baseball cards, Barbie® dolls, or comic books. Others collect PCs, laptops, tablets, smartphones, and wearable technology. And those with mobile devices often collect apps. Is there anything wrong with that? Well, yes and no depending on whether you telecommute to work.
An article titled, “Rethinking the Modern Accumulation of Technology,” on the Society for Human Resource Management’s website references a technology discussion at a conference where they brought up how much technology is necessary for remote workers. The answer was as little as possible, not because of cost, but because of security.
As more and more devices, buildings, appliances, and even vehicles become connected to the Internet and share data, sometimes known as the “Internet of Things,” it opens up more ways for hackers to break into a network. Look around your home and add up everything that has Internet access. You may just have a laptop, tablet, and smartphone, but what about your spouse and your kids? There could be dozens of these devices and, depending on convenience, you may grab one to use for work that is not as secure as it should be.
Consider this situation. You’re at a restaurant when all of a sudden the boss calls and urgently needs a document. Your company-provided smartphone is almost out of battery power, or doesn’t have enough to perform the task. Fortunately, one of your kids has his or her smartphone with them and it’s fully charged. “I’ll just use theirs,” you think without hesitation, but have now just unknowingly introduced a potential hole in your company’s network security.
David Goldstein digs into what are the biggest challenges in getting employees engaged. See what his findings are in the article below.
Original Post from SHRM.org on July 5, 2016
As a company that works with HR leaders and executives who are looking to build stronger teams within their organizations, naturally, employee engagement is a topic that is near and dear to us. It’s a term that’s been buzzing over the past couple of years as organizations search high and low for the perfect formula to decrease turnover, increase enthusiasm and maximize productivity amongst employees.
With countless views abounding on ways to increase employee engagement, we wanted to take a look at the other side of things and identify specific barriers that business owners and managers are facing. We surveyed 500 small to mid-sized business owners and managers across the US and asked them to identify the number one challenge when it comes to getting employees engaged. These respondents either own or manage a business with fewer than 100 employees. Here’s what they said.
1. (31%) GETTING EMPLOYEES OFF THEIR PHONES
Turns out, when it comes to small businesses, forget the more complex problems of increasing engagement amongst virtual workers or getting multigenerational workers to integrate into cohesive teams. Owners and managers at small businesses face a much simpler problem: getting employees to put down their phones! Is it really a surprise that the majority of respondents reported this as their biggest challenge?
Mobile devices have turned us into screen-addicts, averting our eyes and attention at a startling rate. This is an especially big problem when we begin to look at low wage jobs and positions in rural areas. Small business owners and managers that are making less than $24,000 themselves a year, or those living in rural areas, were the most likely to list it as their biggest employee engagement problem (44%).
Young business managers also find it most difficult to get workers off their phones, with 34% of 18-34 year olds reporting it as their largest roadblock to employee engagement. Workers’ phones are consistently integrated into both personal and work life, so it’s hard to incentivize workers to step away from the device and into a conversation with fellow employees. Especially when 74% of employers report that their organization uses or plans on using a BYOD program (bring your own device), the odds of getting distracted with social media or unrelated apps get higher and higher.
Finally, women managers and small business owners (34%) were more likely than men (28%) to note that getting employees off their phones was the biggest challenge in getting them engaged. One potential solution to this problem that HR teams can leverage? Embrace employees’ device addictions rather than trying to cure them. For example, utilizing mobile scavenger hunts or mobile-friendly engagement surveys can help build a compromise and solution to the over-used phone issue. And if that doesn’t work, you can always just create a policy.
2. (24%) HIGH TURNOVER & GETTING NEW HIRES ENGAGED
Losing employees more frequently in the worker-friendly job market and having to get new employees engaged more often is also a considerable issue for small business owners and managers. It’s most pressing in rural areas (29%), where it’s probably harder to find new talent that fits with an organization.
Turnover rates as a barrier to employee engagement were of most concern to managers and business owners in the midwest and south regions, and of least concern to those in the northeast.
That’s one reason it’s important to factor company culture into the interview process to ensure the fit is right. Then, get creative with the flexibility options for your employees. In other words, give your employees reason to stay. Then work on their engagement from there.
3. (23%) GETTING MULTIGENERATIONAL EMPLOYEES ENGAGED
The third most pressing issue for small business owners and managers is the battle between Boomers, Gen X’ers and Millennials being waged within multi-generational workplaces.
Generational differences can be a stumbling block that hinders employee engagement within an organization. On one hand, you have 45% of Baby Boomers & Gen X complaining about millennials’ lack of managerial experience while, on the other hand, you have millennials who just want flexibility and fun.
It was interesting to see that getting multigenerational employees engaged was actually the most pressing employee engagement issue (28%) for respondents that were 35-44 years old. These folks find themselves toeing the line between the two diverging generations in the workplace.
So what’s the best thing to do in this situation? Find common ground. Satisfy both sides by creating activities that everyone can partake in. Food and laughter are pretty effective across generational lines. So is getting outdoors in the summer!
4. (22%) GETTING REMOTE AND VIRTUAL WORKERS ENGAGED
While the trend of remote working was the least pressing challenge for respondents, there were groups that found it more challenging than others. Managers and owners that earn more than $150,000 a year (presumed to be working within larger organizations) found it to be the biggest hurdle to achieving employee engagement (43%).
While sweet in the sense that it breeds more freedom for workers around the world, its lack of in-person interaction can become a bitter challenge for many companies seeking strong employee engagement. In fact, 65% of remote employees report that they have never had a team-building session.
To address this issue, owners and managers may want to embrace the small talk and chit-chat online. When workers aren’t in the same office they don’t have the interactions that allow them to truly relate to each other on a personal level. Opening up internal communication platforms like Slack and HipChat, and encouraging workers to express themselves outside of work dialogue (hello GIFs!) is important.
Another idea? Coffee Shop Days! While remote workers and work-from-home freelancers may appreciate their time outside the office, they can become bored and lonely. If you have workers on your team working remotely, consider suggesting a Coffee Shop Day once a month where you have managers work alongside the remote team members for the day. Finally, there are actually virtual team building and engagement activities out there that stimulate a day in the life of a virtual team.
See the full article and infographic here.
Goldstein, D. (2016, July 5). Put down your iPhone! The biggest hurdles to employee engagement [Web log post]. Retrieved from http://blog.shrm.org/blog/put-down-your-iphone-the-biggest-hurdles-to-employee-engagement.
Interesting read by Rae Shanahan highlighting how technology can be incorporated into your wellness plan. See the full article below.
Original Post from BenefitsPro.com on July 14, 2016
As smartphones become more entrenched in our daily lives, the wellness technology industry has exploded to more than $8 billion, driven largely by wearable devices and more than 160,000 wellness-related mobile apps.
Employers are capitalizing on the tech advances, making workplace wellness programs more digital, social, and connected.
Particularly as more mobile-focused millennials enter the workforce, companies are expanding web-based competitions and incentives for getting physically healthy.
Programs that allow employees to track Fitbit data and that award prizes to workers with the highest monthly step totals are becoming much more common. Even savvier companies are tying wellness to their overall benefits offerings, offering employees the chance to compete for an extra vacation day by reducing their body fat percentage.
Wellness plans encourage employees to live healthier, happier lifestyles. With perks like these, sign us up.
While these incentivized programs are developed with the best of intentions to encourage employees toward better health habits, the unintended consequence is backlash from employees who are wary of revealing personal health data — especially on the internet.
Also, those employees who find themselves at the bottom of the online leaderboard may feel discouraged and demoralized, the opposite of an employer’s objective. Moreover, there is a concern that incentivized wellness programs tend to penalize those who don’t participate or are less successful.
Obviously, employers don’t want to disregard employees who don’t feel comfortable sharing sensitive health information. If employees don’t feel comfortable sharing these personal details with their employer, they should still have the opportunity to chase the incentives, and ultimately benefit from the wellness program.
Keeping all employees in mind, there are three keys to creating successful, employee-centric wellness programs that increase engagement while respecting privacy concerns.
A simple but effective first step is to survey employees on their thoughts and concerns around wellness programs. Providing employees a platform to voice their opinions allows employees to feel heard and for employers to empathize with their workforce while developing wellness programs. This step conveys the care and effort behind creating employee-centric programs that give everyone the opportunity to participate.
According to Businessolver’s Workplace Empathy Monitor, 1 in 3 employees would switch companies for equal pay if the other employer was more empathetic. The research reveals that embedding empathy in workplace operations, such as wellness programs, is a key aspect of building trust and loyalty with employees.
At the end of the day, workplace wellness programs are designed to encourage a healthy lifestyle — not win points or prizes — and it’s important to keep that end goal in mind.
For example, rather than a competition to lower employee body weight or BMI, employers can instead offer employees a free yoga class once a week. This allows employees to participate in a healthy activity while connecting with colleagues, without having to worry about revealing personal and private information.
Being flexible with wellness programs is an empathetic behavior that broadens the circle of those wanting to participate, maintains the end goal of improving health, and ultimately benefits a company in recruiting and retention.
Of course, the most fun, effective, and empathetic program does no good if employees don’t know about it and aren’t engaged.
So, the most beneficial step employers can take in creating a wellness program is effectively communicating with all employees that the program is open, what is necessary to participate, and keeping feedback channels open.
Make sure employees are completely briefed — maybe develop and share one-pagers for employees to quickly reference. Also, it’s imperative to provide an onsite contact who can be a champion for the program and answer any employee questions or concerns. With this, trust is built between employers and employees, and a wellness program has a stronger chance of succeeding right from the start.
Read original article here: http://www.benefitspro.com/2016/07/14/3-keys-to-creating-an-employee-centric-wellness-pl?ref=hp-in-depth&page_all=1
Shanahan, R. (2016, July 14). 3 keys to creating an employee-centric wellness plan [Web log post]. Retrieved from http://www.benefitspro.com/2016/07/14/3-keys-to-creating-an-employee-centric-wellness-pl?ref=hp-in-depth&page_all=1
Original Post from KHN.org
By: Phil Galewitz
On the day abdominal pain and nausea struck Jessica Christianson at the office, she discovered how far telemedicine has come.
Rushing to a large kiosk in the lobby of the Palm Beach County School District’s administrative building where she works, Christianson, 29, consulted a nurse practitioner in Miami via two-way video. The nurse examined her remotely, using a stethoscope and other instruments connected to the computer station. Then, she recommended Christianson seek an ultrasound elsewhere to check for a possible liver problem stemming from an intestinal infection.
The cost: $15. She might have paid $50 at an urgent care center.
The ultrasound Christianson got later that day confirmed the nurse practitioner’s diagnosis.
“Without the kiosk I probably would have waited to get care and that could have made things worse,” she said.
Endorsements like Christianson’s demonstrate how technology and positive consumer experiences are lending momentum to telemedicine’s adoption in the workplace.
Less than a decade ago, telemedicine was mainly used by hospitals and clinics for secure doctor-to-doctor consultations. But today, telemedicine has become a more common method for patients to receive routine care at home or wherever they are — often on their cellphones or personal computers.
In the past several years, a growing number of employers have provided insurance coverage for telemedicine services enabling employees to connect with a doctor by phone using both voice and video. One limitation of such phone-based services is physicians cannot always obtain basic vital signs such as blood pressure and heart rate.
That’s where telemedicine kiosks offer an advantage. Hundreds of employers — often supported by their health insurers — now have them installed in the workplaces, according to consultants and two telemedicine companies that make kiosks, American Well and Computerized Screening, Inc.
Employers and insurers see the kiosks as a pathway to delivering quality care, reducing lost productivity due to time spent traveling and waiting for care, and saving money by avoiding costlier visits to emergency rooms and urgent care facilities.
JetBlue Airways is adding a kiosk later this year for its employees at John F. Kennedy International Airport in New York. Other big employers providing kiosks in the workplace include the city of Kansas City, Missouri.
Large health insurers such as Anthem and UnitedHealthcare are promoting telemedicine’s next wave by testing the kiosks at worksites where they have contracts.
Anthem has installed 34 kiosks at 20 employers in the past 18 months. John Jesser, an Anthem vice president, said kiosks are a good option for employers too small or disinclined to invest hundreds of thousands of dollars in creating an on-site clinic with doctors and nurses on standby.
“This technology should make it more affordable for employers of many sizes,” Jesser said.
Kiosks are typically used for the same maladies that lead people to see a doctor or seek urgent care — colds, sore throats, upper respiratory problems, earaches and pink eye. Telemedicine doctors or nurse practitioners can email prescriptions to clients’ local pharmacies. Employees often pay either nothing or no more than $15 per session, far less than they would pay with insurance at a doctor’s office, an urgent care clinic or an emergency room.
Despite kiosks’ growing use in telemedicine, it’s unclear whether they will be supplanted as smartphones, personal computers and tablets enable people to access health care anywhere with a Wi-Fi connection or cell service. Some employers already offer kiosk and personal device options, including MBS Textbook Exchange in Columbia, Missouri, which has 1,000 workers.
Workplace kiosks’ appeal is they are quiet, private spaces to seek care. Consumers can get their ailments diagnosed remotely because the kiosks are equipped with familiar doctors’ office instruments such as blood pressure cuffs, thermometers, pulse oximeters and other tools that peer into eyes, ears and mouths. The instrument readings, pictures and sounds are seen and heard immediately by a doctor or nurse practitioner.
“The kiosk gives the doctor more tools to diagnose a wider range of conditions,” Anthem’s Jesser said.
The downside is that the machines cost $15,000 to $60,000 apiece, which may still be too much for some employers.
“Telemedicine kiosks look promising and may still take off, but I don’t see explosive growth,” said Victor Camlek, principal analyst with Frost & Sullivan, a research firm.
Employers’ experiences are mixed.
Officials in Kansas City, Missouri, estimate the kiosk placed in city hall almost a year ago has saved the local government at least $28,000. That’s what Kansas City hasn’t spent because employees and dependents chose the telemedicine option instead of an in-person doctor visit. The city also estimates it has gained hundreds of productive work hours — that’s the time employees saved by not leaving work to see a doctor.
In contrast, fewer than 175 of the 2,000 employees at the Palm Beach County School District headquarters have used the kiosk there in its first year, said Dianne Howard, director of risk management.
Howard remains hopeful: “This is the future of health care.”
The district’s kiosk was supplied at no cost by UnitedHealthcare, as part of a test also involving two other employers in Florida.
Those kiosks connect employees to nurse practitioners at Nicklaus Children’s Hospital in Miami. The hospital employs an attendant at each kiosk location to help workers register and use some of the instruments, such as the stethoscope.
Other telemedicine kiosks, such as those made by American Well, are designed to be totally self-service for employees. They also offer users immediate access to a health care provider. American Well has deployed about 200 kiosks and is in the midst of rolling out 500 more, mostly to employers, the company said. It also places kiosks in retail outlets and hospitals.
Telemedicine’s increasing sophistication is winning over some traditional-minded physicians.
The WEA Trust in Madison, Wisconsin, a nonprofit that offers health coverage to public employers, installed a kiosk for the benefit of its 250 workers last fall.
Dr. Tim Bartholow, a family doctor by training and chief medical officer for the trust, said he was cautious about physicians treating patients they haven’t seen in person. After observing employees using it, Bartholow is convinced it can help them get good care.
“I don’t think telemedicine is making a doctor being on site quite agnostic, but it is certainly reducing the premium on being in the same space as the patient,” Bartholow said.
Insurers declare they are moving carefully, too, recognizing that telemedicine has its limits and they must depend on practitioners to tell patients when they have to see a doctor — in person.
“We have to rely on their experience and judgment,” Jesser said.
Original Post from BenefitsPro.com
By: Tom Pohl
There are reports of data breaches in the news every week, impacting a range of organizations and industries. These cyberattacks are costing businesses, both large and small, a great deal to resolve — from financial expenses to IT and legal resources to reputation recovery efforts.
According to a new study by the Ponemon Institute, data breaches are costing the health care industry $6.2 billion annually. Nearly 90 percent of health care organizations were victims of a breach in the last two years, raising concern for patients, employees, and others involved in the health care system.
Today, the leading cause of health care data breaches is targeted criminal attacks that seek to place valuable personal information into the hands of malicious actors. The personal information given out to health care organizations can be some of the most valuable to cybercriminals. For example, when enrolling in benefits, the information submitted can include patient names, family history, Social Security numbers, and billing information.
It’s important to also note that not all breaches are malicious. Human error is often a cause of breaches, as CompTIA’s International Trends in Cybersecurity report found that 58 percent of security breaches are typically due to human error.
So what can benefits administration technology providers do to keep sensitive data secure from human error and malicious threats?
Conduct extensive user testing on your security systems
Implementing user testing through a third-party vendor allows benefits administration technology providers to discover gaps or holes in their security systems. This can be done via a user testing group, which is comprised of individuals trained to discover the predominant methods that cybercriminals would abuse to compromise web-based applications.
The group is given a platform with authorized access and fake scenarios, all set up to act as if the system was running as usual. As these experts go into the system and know what areas to try and hack, the organization is able to develop plans to combat or repair these issues. User testing is similar to proofreading a paper; getting a second set of eyes on a program allows companies to see the full risks of its security system.
Educate employees on cyberthreats
As data breaches become a daily concern for IT departments, educating employees on the risks and dangers of cyberattacks becomes even more of a priority. Benefits administration technology providers need to prioritize educational resources and programs to teach employees how to spot potential cyberattacks, especially as they are handling their customers’ private information.
An effective and simple way to train employees to spot strange activity is an email phishing awareness campaign. This involves delivering emails to employees with mocked-up links or downloadable materials that, if real, would have the potential to open users’ accounts up to cyberattacks. Organizations should also consistently remind their employees to report any suspicious activity and to change their passwords regularly for a more secure system.
Automate processes to reduce the risk of human error
Recently, Google was in the news for a data breach suffered via its benefits provider. Yet the reason for this incident was human error, in which an email sender accidentally sent a document to the wrong contact. Fortunately for Google, the damage was limited, but human error is not always so forgiving.
With automation, benefits administration technology providers have the ability to decrease the chances of sensitive information getting into the wrong hands. This can be done by sending dummy files before sending the actual files to contacts. Another option is to implement triggers on email accounts when certain information is involved. For example, if a file is attached to the email, prompt the sender to confirm it is the correct file before sending. Implementing automation is a key factor in combatting human errors that could increase the risk of a cyberattack, especially when it comes to personal data.
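The email trigger described above can be sketched as a pre-send check. This is an added example, not code from the original article: the function names, the `benefits.example` domain and the sample messages are all constructed assumptions, and only text parts are scanned.

```python
"""Pre-send check for outbound mail (added example; all names are hypothetical)."""
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"benefits.example"}

# SSN-shaped values (AAA-GG-SSSS), skipping number ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def external_recipients(msg):
    """Return To/Cc/Bcc addresses whose domain is not an internal one."""
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers.extend(str(value) for value in msg.get_all(name, []))
    found = []
    for _, addr in getaddresses(headers):
        domain = addr.rpartition("@")[2].lower()
        if addr and domain not in INTERNAL_DOMAINS:
            found.append(addr.lower())
    return found


def attachment_names(msg):
    """Return the file names of all attachments on the message."""
    return [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()]


def ssn_like_count(msg):
    """Count SSN-shaped values in the body and in text attachments.

    Binary attachments (PDF, spreadsheets) are not inspected here; they
    still raise the attachment prompt below.
    """
    total = 0
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            total += len(SSN_RE.findall(part.get_content()))
    return total


def presend_prompts(msg):
    """Return the confirmations the sender must give before the mail leaves."""
    prompts = []
    files = attachment_names(msg)
    hits = ssn_like_count(msg)
    outside = external_recipients(msg)
    if files:
        prompts.append("Confirm attachment: " + ", ".join(files))
    if hits:
        prompts.append(f"Message contains {hits} SSN-like value(s)")
    if outside and (files or hits):
        prompts.append("Recipient outside the organization: " + ", ".join(outside))
    return prompts


def may_send(msg, sender_confirmed):
    """Hold the message unless nothing was flagged or the sender confirmed."""
    return sender_confirmed or not presend_prompts(msg)


def sample_message(to, attach_csv=None):
    """Build a constructed test message, optionally with a CSV attachment."""
    msg = EmailMessage()
    msg["From"] = "hr@benefits.example"
    msg["To"] = to
    msg["Subject"] = "Open enrollment"
    msg.set_content("Enrollment details attached.")
    if attach_csv is not None:
        msg.add_attachment(attach_csv, subtype="csv", filename="enrollment.csv")
    return msg


if __name__ == "__main__":
    # Constructed sample data; the SSN-shaped value is not a real number.
    risky = sample_message("Pat Doe <pat@partner.example>",
                           attach_csv="name,ssn\nPat Doe,123-45-6789\n")
    for prompt in presend_prompts(risky):
        print("HOLD:", prompt)
```
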
Beware of the insider threat
While public perception is that these attacks result solely from the actions of malicious hackers outside of an organization, insider threats are a growing and serious concern. Vormetric’s 2015 Insider Threat Report reveals that over 90 percent of U.S. organizations believe they are vulnerable to insider threats such as stolen passwords or email spam. In fact, the National Association of Manufacturers released a statement in April 2016 stating the theft of trade secrets has cost businesses $250 billion per year.
Benefits administration technology providers may want to go a step further to ensure employees are operating in the correct space. Requiring background checks and limiting access to sensitive data will provide an extra level of security for patient, employee, and others’ personal information.
Original post from benefitspro.com
When a cyber breach occurs, lawsuits are usually not far behind. It’s a chain of events that has become de rigueur in the consumer realm when retailers experience a breach and it is bleeding over into the workplace, too.
Employees whose data is exposed are increasingly pointing the finger at failings in the technology employers use to secure their information and lapses in protocols that allow vulnerabilities to be exploited.
Who is responsible if your employees’ personal information is stolen on company time? Where do the company’s obligations begin and end under the duty of care laws? How might state and federal breach regulations impact an organization’s proactive and reactive data security efforts?
How a breach happens and how the company responds both play a major role in determining the potential legal ramifications. To mitigate the risks, it is critical for HR professionals to understand their responsibilities before a cyber criminal strikes.
Many employers aren’t even aware of either the enormous security risks their organizations face or the best strategies to protect the employee data they hold.
Ensuring that employers have access to the right tools and expertise to address data breach concerns is an important role for benefits managers and the brokers and agents who support them.
Know the risks, have a plan
Financial information is what comes to mind most frequently when businesses consider where breach risks exist, but that thinking is too narrow. It overlooks the incredible value inherent in employee data. Not only does financial information lurk within HR’s employment records in the form of salary histories and bank routing numbers used for automatic deposits, but standard consumer data is also present.
Full names, birth dates, addresses and Social Security numbers exist in every employee’s file. Health and benefit data may be present, too, such as carrier names, subscriber numbers, or details on beneficiaries and dependents. And where there’s smoke, there’s fire. The same servers and systems that host employee and customer data likely hold data pertaining to trade secrets, M&As, business plans, and more. All the more reason to get your company’s cyber strategy in gear.
Adding complexity to the situation is the fact that employers must be concerned with two types of data breaches — those that are the result of a purposeful act, such as a hacker or a malicious insider, and those that occur by accident. Lost laptops and cell phones are just one common example where an inadvertent exposure could easily happen.
Each flavor of breach represents a different risk profile and each requires its own mitigation measures. A two-pronged approach to breach prevention that marries technology and best practices enables employers to address any existing security gaps while also providing improved protection for employee data.
Deploying technology tools to safeguard sensitive information assets is one part of a comprehensive data security strategy that keeps employers in line with duty of care laws and other breach regulations.
Firms have a range of solutions to choose from and they should tailor their approach based on their network and infrastructure architecture, the information types that are vulnerable to exposure, the volume of data that must be protected, resource availability — from funding to staffing — and any regulatory guidelines or compliance mandates that must be considered.
Encryption is a perfect example of a technology that is relatively simple, but still enormously effective when it comes to securing employee data. Free and low-cost encryption platforms are available which can help to protect confidential information from unauthorized access even if a hardware item (thumb drive, laptop, etc.) falls into the wrong hands.
Other technology tools may also be appropriate depending on the employer’s needs, including firewalls, mobile device management software, and multi-factor authentication to protect access to more sensitive systems.
Security best practices are the second half of a successful data protection strategy. These protocols largely deal with the ways humans interact with the organization’s information and they also cover what to do in the event of a breach. Employers will want to manage network and data access in a way that limits who is able to view and change employee information.
Methodologies for storing, processing, analyzing, archiving, and destroying employee data should be documented in detail and anyone responsible for those tasks must be trained on the organization’s security practices.
An incident response plan is another best practice employers should include under the data security umbrella. This doesn’t need to be an exhaustive plan, but it should outline the steps employees are to take if they suspect a breach has occurred — everything from blocking access to compromised servers to contacting the company’s privacy or information security employee or consultant. (Don’t have one? Here’s why you should.)
A strong plan can significantly limit the potential harm that is likely to fall upon any employee whose data was exposed. And as risks evolve, so should the incident response plan – it should be a living, breathing part of a comprehensive cyber strategy with routine reviews.
Retain the right expertise
Another concern often faced by employers, particularly those smaller organizations where internal resources are lean, is that they don’t have good insight into the evolving cyber threat environment and the latest data protection strategies.
Efforts to craft, deploy, and maintain an effective privacy and security program are made more difficult when industry expertise is lacking. Without a strong understanding of where security vulnerabilities exist, or which new threat vectors are likely to be of concern, employers could find themselves directing their limited resources in too many directions and without much effect.
Because many breach scenarios involve little or no technology — hard copies of completed enrollment forms accidentally left in a shared conference room, for example — simply turning responsibility for data privacy over to the IT function isn’t going to work. It’s important that employers are able to seek guidance from someone experienced in data protection in all its forms.
Continuously educate the front line
Employees themselves may pose potential security challenges, so continuous training is essential to protect a company’s own data and that of its customers. Companies should consider implementing educational sessions about new scams and privacy and security refreshers as part of their annual compliance training.
By partnering with employees to help protect their data, the organization can maximize its technology investment and ensure that everyone is committed to the company’s culture of security.
Social engineering schemes are increasingly popular among hackers, effectively turning the workforce into either an employer’s first line of defense or its greatest weakness.
The most recent spoof comes courtesy of a company’s top executive — or so the scammer wants you to think. An employee will receive a request from the CEO — either by way of a hacked email account or an email address that closely resembles the real thing — to cough up documents, usually W-2s. With a few clicks, countless data about a company’s employees has been exposed.
Rather than reacting quickly, employees should be trained that if they see something, they should say something.
Along with taking appropriate security measures internally, employers may also consider offering identity-related benefits to their employees. These packages bring a powerful suite of tools to the table that provide workers with proactive education and reactive support. Informational resources teach individuals how to spot corrupt websites and suspicious e-mail links.
They give details on what to look for when conducting annual credit report reviews. And workers concerned their personal data may have been exposed — whether at work or through a health care provider, retailer or other avenue — have access to identity theft experts able to help them navigate the resolution process.
The fraud team can assist them in replacing important documents that may have been lost due to theft, fire or flood. They can even monitor known black market websites to see if an employee’s stolen data is being used fraudulently.
Together, these strategies give employers a way to keep employees’ information safe while providing workers with assurances that they’ll have the support they need if the worst should happen.
Original post ubabenefits.com
According to the IRS, identity theft has been the number one consumer complaint to the Federal Trade Commission for 15 consecutive years. The Bureau of Justice Statistics estimates that 17.6 million people were victims of identity theft in 2014. Organizations at every level are trying to protect employee and customer personal information from computer hacking that can disclose sensitive information to identity thieves. As a protective measure, some businesses are providing identity theft protection services in the hopes of preventing and mitigating damage from a data breach. Some insurance carriers are now also offering identity protection services to their customers at no additional cost. Questions were posed to the IRS concerning the taxability of identity protection services provided at no cost to customers, employees, or other individuals whose personal information may have been compromised in a data breach.
The taxation of this identity protection benefit/service was considered by the IRS in 2015 and again in early 2016. Originally, the IRS determined that an individual whose personal information may have been compromised in a data breach does not have to include the value of such an identity protection service in his or her gross income. Similarly, the IRS had ruled that an employer providing such data protection services to employees whose personal information may have been compromised in a data breach of the employer’s recordkeeping system (or employer’s agent or service provider) does not have to include the value of such service in the employee’s gross income or wages. The value does not have to be reported on an individual’s W-2. (See IRS Announcement 2015-22.)
But what about identity theft protection services that are offered as a precautionary measure before a breach occurs? Blue Cross Blue Shield, for example, is now offering identity protection services to all eligible BCBS members on an opt-in basis as of January 1, 2016. The offering includes credit monitoring, fraud detection and fraud resolution support. After the IRS elicited comments on Announcement 2015-22, it decided to extend the same tax treatment to identity protection services provided to employees or other individuals before a breach occurs, similar to that offered by Blue Cross Blue Shield. (See Announcement 2016-02.) The reasoning behind this ruling is that providing identity protection services to employees and others before a data breach occurs will foster earlier detection of a data breach and may minimize the impact of a breach on operations.
While this tax treatment does not apply to cash received in lieu of the identity protection service or proceeds received under an identity theft insurance policy, it is a benefit that is worthwhile to flag for your clients at a time when identity theft continues to be a growing problem in the United States.
Original post ubabenefits.com