According to the Association of Corporate Counsel, “employee error” is the most common cause of data security breaches for employers.
Other common causes of security breaches included insiders stealing company data and phishing attacks.
The survey of 1,000 in-house lawyers for organizations in 30 countries found that most respondents anticipate that their role in cybersecurity, which was traditionally the domain of IT departments, will increase in the coming year.
However, only 10 percent of lawyers surveyed said they have a budget for addressing cybersecurity. Although half of respondents said their organizations carry cybersecurity insurance, only 19 percent of those who experienced a breach said their insurance policy fully covered their losses.
According to the report, health care is the industry most at risk for a cyber attack, followed by insurance and manufacturing/retail. Nicole Hong, “Employee Error Leading Cause of Data Breaches, New Survey Says,” blogs.wsj.com (Dec. 9, 2015).
Attorneys are becoming more involved in data security, as this survey shows, because cybersecurity is a legal and liability issue as much as an IT issue.
When personal information is compromised as a result of poor cybersecurity, customers, employees, or other victims can file a class action lawsuit against the organization for jeopardizing their confidential information. As more class actions occur, so will legal involvement.
Data breach lawsuits can be extremely costly. One of the most notable recent cybersecurity failures was the 2013 Target breach of up to 110 million customers’ credit and debit card information. In 2015 Target settled a resulting class action lawsuit for $10 million. In addition, Target agreed to reimburse thousands of financial institutions as much as $67 million for costs incurred from the breach.
In 2013, health insurance company AvMed Inc. agreed to pay $3 million to settle a class action lawsuit for maintaining inadequate data security because of the 2009 theft of laptop computers containing the personal information of 1.2 million customers.
Although attacks by international hackers garner more attention, this report shows that employee negligence actually poses the greatest risk to an organization’s cybersecurity.
In order to protect data security, employees should receive training in the following:
1. Mobile device security, including never leaving mobile devices unattended in public and physically locking them in the office when not in use;
2. Malware prevention, including regularly scanning computers for malware;
3. Identity theft, including not sharing personal information on email or insecure websites;
4. Phishing, including never clicking on links in an email;
5. Passwords, including how to create strong passwords by using pass phrases; and
6. Wi-Fi security, including never using an insecure public network to send confidential information.
On November 30th, Hyatt Hotels discovered that hackers “managed to breach its network, access the payment processing system and possibly steal payment-card information belonging to visitors.”
The spokesperson for the hotel chain did not give details about the scope of the attack: how many customers were affected; how many of the company’s 627 hotels were affected; how long the network was infected; and what malware was used to attack the network. The company did state that “the malware was programmed to collect payment information, including card numbers, expiration dates and verification codes.”
Hyatt has assured the public that steps have been taken to strengthen the security of its systems in all of its hotels around the world. The hotel chain has also advised customers to review their payment-card account statements closely and to report all unauthorized charges to their card issuer immediately. Chris Smith, “Hyatt Hotels Chain hit with credit card stealing malware,” bgr.com (Dec. 25, 2015).
A human resource consulting firm recently released the results of its annual survey on employer-sponsored health care plans. One piece of good news from the survey is that average health care costs per employee experienced a smaller increase this year (3.8 percent) as compared to the increase in 2014. This is the third year in a row in which increases have been below four percent.
Unfortunately, small employers, those with 10 to 499 employees, experienced higher average cost increases at 5.9 percent. Large employers with 500 or more employees fared better with an average increase of 2.9 percent.
However, 23 percent of large employers face paying the “Cadillac” tax in 2018 if the coverage they offer is considered high-cost insurance. The number of affected employers is expected to increase to 45 percent by the year 2022.
Employers are looking at a variety of ways they can reduce health care costs. Offering health plans that are consumer directed with a high deductible is their primary strategy. The survey found that 25 percent of covered employees use this type of plan along with an employee savings or reimbursement account.
Even with cost-saving measures, the employers surveyed expect their per-employee health benefit expenses to rise by 4.3 percent in 2016. “Survey: One in four large employers at risk for ‘Cadillac’ tax,” www.businessrecord.com (Nov. 20, 2015).
Smartphones and other smart devices have become an extension of who we are. Sixty-four percent of American adults own a smartphone, and 67 percent admit to checking them even when they aren’t ringing or buzzing with messages or call notifications.
We’re always on, and we’re always connected. But what is this constant state of connection costing us in terms of workplace concentration, performance and productivity? Here are a few effects of constant connection:
Sleep Loss — Smartphone screens emit a blue light that suppresses the production of melatonin, the hormone that tells your body when it’s time to sleep. When your sleep cycle gets disrupted, your concentration and memory can suffer.
Lack of Concentration — Researchers at Florida State University found that phone notifications alone were enough to significantly disrupt performance on tasks that required high levels of attention. Subjects were three times more likely to make mistakes while their phones were buzzing or ringing. The level of distraction was comparable to that of answering a phone call or text.
Less Creative Thought — Research has shown that some of our most original thoughts come during times of boredom, when our minds are free to wander and make new subconscious connections. But we’re spending so much time on our mobile devices, we’re not giving our minds any free time to roam.
Motivation Lulls — According to research, intuitive thinkers are more likely to turn to their smartphones when faced with a problem rather than use their own brainpower.
Tips for Disconnecting
Use Your Brain — Remember the good old days when you could easily recall phone numbers, home addresses and directions to a new neighborhood? Try doing things the old-fashioned way to keep your mind sharp.
Create a Schedule — Set aside a specific time to deal with smartphone notifications each day. During that period, you can check messages and return calls and emails. Don’t vary from the schedule unless it’s an absolute emergency.
Enjoy Downtime — Make sure your time off is just that. If possible, turn off the smartphone in the evenings and on weekends so you can concentrate on yourself.
Get Some Rest — Put the smartphone away an hour or two before bedtime so your body can properly adjust and prepare for sleep, and don’t forget to turn off the phone while you’re sleeping!
The law firm Seyfarth Shaw LLC reports that cases under the Fair Labor Standards Act (FLSA) rose 7.6 percent in a 12-month period, continuing a trend. The firm expects the number of cases to top 9,000 in 2016.
FLSA matters include charges for failure to pay; failure to pay minimum wage; misclassification; and child labor. Although raising the minimum wage receives the most media attention, the greatest risk for employers in 2016 is misclassification.
Misclassification includes classifying non-exempt employees as exempt and classifying employees as contractors. Misclassification has the attention of the DOL, the IRS, and the trial bar.
The DOL argues that misclassification is a form of wage theft. The IRS argues that misclassification is tax theft. Trial lawyers take misclassification cases because they are easy to prove and have large damage awards. The common theme of all three parties is they want employers to pay more.
Employers argue that they are simply doing what was allowed in the past before the litigation storm, but that argument falls on deaf ears, including those of federal court judges and juries.
The Seyfarth announcement states that some federal courts have made it easier for trial attorneys to certify classes of employees for FLSA matters. Opposing class certification successfully was one way defense lawyers could stem the litigation tidal wave. With that slowly eroding away, one can expect more wage and hour class actions. “Federal Wage and Hour Lawsuits Up 8%, To Record High, Firm Finds,” http://www.staffingindustry.com (Nov. 24, 2015).
Adding to the mix, 2016 is an election year, and the Obama Administration’s DOL has stated its plans to make changes before it departs.
Already promised by the DOL, but delayed, is the moving of the threshold for payment of overtime from $23,660 to a proposed $50,440. In general terms, any employee making less than the proposed $50,440 is due overtime no matter their position or job duties. This change will be fundamental and will impact every employer, especially small and rural employers and startups that do not have the capital to pay hefty salaries, but need work hours to get a business off the ground.
The hits keep coming for 2016 with the July 15, 2015, DOL Administrator’s Interpretation No. 2015-1, http://www.dol.gov/whd/workers/Misclassification/AI-2015_1.htm. The Interpretation will make it more difficult for employers to classify workplace participants as contractors. The recent popularity of the new Uber work model and the use of contractors to avoid paying benefits, like the mandates of the Affordable Care Act, have many in Washington concerned. According to the DOL, misclassification leads to lower collection of tax revenue.
Although not a certainty, there is talk that the DOL will narrow some of the exemptions for 2016. If that does happen, it will also increase overtime exposure for employers.
The result of these judicial and regulatory changes is a wage and hour tsunami that will begin in 2016 and that could crest in 2017 or 2018 unless legislative changes are made. Until then, employers need to start filling their sand bags and prepare because 2016 will be a year of wage and hour change.