Archive | Risk Management

Small & Large Employers Alike Are Feeling the Impact of PPACA

A human resource consulting firm recently released the results of its annual survey on employer-sponsored health care plans. One piece of good news from the survey is that average health care costs per employee experienced a smaller increase this year (3.8 percent) as compared to the increase in 2014. This is the third year in a row in which increases have been below four percent.

Unfortunately, small employers, those with 10 to 499 employees, experienced higher average cost increases at 5.9 percent. Large employers with 500 or more employees fared better with an average increase of 2.9 percent.

However, 23 percent of large employers face paying the “Cadillac” tax in 2018 if the coverage they offer is considered high-cost insurance. The number of affected employers is expected to increase to 45 percent by the year 2022.

Employers are looking at a variety of ways they can reduce health care costs. Offering health plans that are consumer directed with a high deductible is their primary strategy. The survey found that 25 percent of covered employees use this type of plan along with an employee savings or reimbursement account.

Even with cost-saving measures, the employers surveyed expect their per-employee health benefit expenses to rise by 4.3 percent in 2016. “Survey: One in four large employers at risk for ‘Cadillac’ tax,” www.businessrecord.com (Nov. 20, 2015).

63 Emerging Risks No One is Talking About

Everybody knows about climate change and catastrophes, the Internet of Things and the cloud, the on-demand economy and online shopping, autonomous vehicles and robots in the workplace, terrorism and pandemics, 3-D printing and cyber theft, and political instability and economic uncertainty. Insurance professionals have been talking about these and many other emerging risks for years.

But what’s lurking in the shadows? What insurance and organizational risks of the immediate or distant future are being overlooked? What are the risks facing organizations that are flying under the radar?

  1. Innovation follows manufacturing. The idea that innovation happens in one place—Silicon Valley—while manufacturing happens in another—China—is unsustainable. If all the manufacturing is happening in China, a lot of the innovation will happen there, too. (“Making Innovation,” MIT Technology Review, Sept. 16, 2014 by Nanette Byrnes)
  2. Narcissistic executives. Narcissistic CEOs are more likely to engage in risky business practices. (“Talent Risk: A Killer Torpedo,” Carrier Management, Dec. 31, 2013; “CEO Narcissism, Accounting Quality, and External Audit Fees,” May 11, 2015 by J. Scott Judd, University of Arizona; Kari Joseph Olsen, Utah State University; James Stekelberg, University of Arizona)
  3. Digital disengagement. More and more people opt out of social networking and the digital world, refusing to share data. (“Swiss Re SONAR: New emerging risk insights,” page 15)
  4. Predictive model backlash. As insurers use more predictive models, more people allege discrimination. One social media complaint spreads instantaneously.
  5. Extreme carrier consolidation. Larger carriers utilize their superior data and analytics capabilities to wipe out smaller ones. This reduces competition and increases rates.
  6. Obesity as a disability. With obesity classified as a disability, expect reasonable accommodation, disability discrimination and harassment claims.
  7. Autism liability. Environmental contaminants could be responsible for a large number of autism cases. (“Possible Environmental Cause of Autism Discovered,” GenRe blog item posted Oct. 30, 2013 by Charlie Kingdollar)
  8. Super materials. Graphene could eventually replace steel and can be used to turn on lightbulbs. What about electric cars? Shrilk, made from leftover shrimp shells, is useful for sutures or growing new tissue. Lotus leaves are used to make waterproof paints and textiles. (“Extreme Graphene and the Coming Super Materials Gold Rush,” www.futuristspeaker.com, Oct. 27, 2014 by Tom Frey; “The Super Supercapacitor,” directed by Brian Golden Davis on Vimeo; “Hold on. My Phone Says I’m Having a Heart Attack: Top Tech Trends Revealed,” Carrier Management, Nov. 19, 2014)
  9. More super materials. An ultra-thin invisibility cloak made of microscopic rectangular gold blocks can render objects undetectable with visible light. The technology eventually could be used for military applications—disappearing vehicles, aircraft, soldiers. What about civilian life? (“Now you see it, now you don’t: invisibility cloak nears,” Reuters, Sept. 17, 2015 by Will Dunham)
  10. Cell tower worker safety. Communications tower climbing has a death rate roughly 10 times that of construction. (“In Race For Better Cell Service, Men Who Climb Towers Pay With Their Lives,” ProPublica, May 22, 2012 by Ryan Knutson, PBS Frontline, and Liz Day, ProPublica)
  11. Habit-forming technologies. Technologies aimed at forging new habits have been used by casinos and cigarette makers for years. Today, the business model is open to a broad range of companies. (“Technology and Persuasion,” MIT Technology Review, March 23, 2015 by Nanette Byrnes)
  12. Sophisticated fraud. Today’s controls will not detect tomorrow’s fraud. Insurers lack red flags for new types of schemes. (“White paper: Emerging issues,” Coalition of Insurance Fraud at http://www.insurancefraud.org)
  13. Multitasking employees. Less-focused employees are less productive. (“The high cost of multitasking that you weren’t aware of,” Tumotech, March 16, 2014 by Chuck Tesla)
  14. Activist investors. They use sophisticated methods to target companies, even high-performing ones. (“Taking the Full View: the Four “P’s” of Pay for Performance and Why They Matter to Investors,” C-Suite Insight, Issue 15 2014 published by Equilar; “It’s Not Your Imagination, Activism Has Grown,” Bloomberg BNA, Aug. 31, 2015)
  15. Graying corporate directors. The average age of directors of companies in the S&P 1500 index is 64. (“Age and Tenure in the Boardroom,” published by Equilar)
  16. Coaching the wrong team. Too many executives invest their limited time trying to “fix what is broken” instead of investing in their highest-performing people. (“Avoid the five talent management mistakes that put companies at risk,” C-Suite Insight, Issue 15 2014, published by Equilar)
  17. Outdated job descriptions. Failing to redefine jobs as the company strategy evolves and new hires assume responsibilities. (“Avoid the five talent management mistakes that put companies at risk,” C-Suite Insight, Issue 15 2014, published by Equilar)
  18. Board’s role in overseeing risk. Investors expect boards to mitigate the risks associated with strategic business decisions. (“Game of Guidance: The Critical Role of Boards in Overseeing Risk,” by Belen E. Gomez, C-Suite Insight, Issue 15 2014 published by Equilar)
  19. Weakening of state regulation. As federal and foreign governments assume more of a role, state regulation loses influence.
  20. Occupational licensing. States’ licensing requirements cost jobs and raise prices while not delivering on health and safety. (“Occupational Licensing: A Framework For Policymakers,” July 2015, The White House)
  21. Dementia in the C–suite. Dementia rates may be declining, but only for younger Americans. (“Why Your Risk for Dementia May Be Lower Than Your Parents’ and Grandparents,’” HealthDay, July 24, 2015 by Amy Norton)
  22. Scheduling stress. Planning work around personal, family and community needs gets more difficult every day.
  23. Employee financial fitness. Attention is paid to health wellness, but financial stress can affect performance. (http://financialfitnessgroup.com/)
  24. Personal and small commercial blend. Work-at-home, ridesharing, home sharing all demand a new type of policy.
  25. Solar storms. The probability of a solar storm doing damage could be as high as 12 percent. (“Time to be afraid: Preparing for the next big solar storm: Kemp,” Reuters, July 25, 2014 by John Kemp)
  26. Vertical cities. Giant vertical urban skyscraper projects are booming in Asian and Arab cities. They could be vulnerable to energy failures and spreading of disease. (“Swiss Re SONAR: New emerging risk insights,” page 19; “Pushing the limits—Managing risk in a faster taller, bigger world,” CRO Forum, Emerging Risk Initiative—Position Paper)
  27. Digital payment systems. New apps like Venmo and Dwolla are a challenge to banks and credit card firms and could raise security risks. (“Technology Repaints the Payment Landscape,” MIT Technology Review, Jan. 26, 2015 by Nanette Byrnes)
  28. Corruption abroad. Pressure to grow in emerging markets leads companies to avoid addressing corruption risks, especially in Africa and BRIC nations. (“Six fraud and corruption trends for 2014,” CMGA magazine, Jan. 9, 2014 by Neil Amato)
  29. Hard and easy workers comp. Underwriters flock to the favored comp classes with good loss experience; less competition for harder-to-place employers will bring upward rate pressure on loss-sensitive programs. (“Top 10 Casualty Insurance Trends for 2015: Marsh,” Insurance Journal, Dec. 17, 2014)
  30. Faulty laws on fraud. Anti-fraud laws and evidence requirements vary by country and state, making enforcement more difficult and raising costs in multijurisdictional crimes. (“White paper: Emerging issues,” Coalition of Insurance Fraud at http://www.insurancefraud.org)
  31. Data-savvy customers. Just as companies are using data to sell, consumers are also using data and analytics to make buying decisions.
  32. Skilled labor shortages. Finding skilled workers is a major concern of small businesses. (2015 Travelers Business Risk Index)
  33. Medical cost inflation. More respondents (60 percent) are worried about medical cost inflation than about any of the other risks in the 2015 Travelers Business Risk Index.
  34. Landlord liability. More and more property owners try to cash-in on the booming residential rental market. But do they know their responsibilities?
  35. De-globalization. A growing trend in some regions in favor of nationalist and interventionist policies. (“Swiss Re SONAR: New emerging risk insights,” page 8)
  36. LED dangers. LED lights are growing in popularity over incandescent and fluorescent lamps. But some question the health effects of their blue waves, especially at night. (“Swiss Re SONAR: New emerging risk insights,” page 28)
  37. Home brewing. Beyond brewing beer, new technology makes mixing powerful cocktails—even inhalable drinks—in the privacy of home easy and fun. (http://monsieur.co/)
  38. 3-D intellectual property. Lessons from the music industry as 3-D printing takes hold. (“Protecting IP from 3D Printing: What Companies Need to Know,” strategy+business, April 2, 2015 by Matt Palmquist)
  39. Flaming foam. HBCD applied to popular polystyrene foam insulation to make it fire-resistant can be highly toxic and carcinogenic. (“China Leads Fire Safety Regulations with a New Fire Code,” XL Catlin Fast Fast Forward, July 29, 2015 by Tony Wu)
  40. Corporate secrets. Hackers are targeting people with access to insider data that can be used to profit on trades before that data is made public. (“Cyber ring stole secrets for gaming U.S. stock market-FireEye,” Reuters/CM, Dec. 1, 2014 by Jim Finkle)
  41. Jailhouse risk. Wrongful incarceration suits raise insurance coverage issues. (“Wrongful Incarceration Suits Surge Giving Rise to Insurance Coverage Trigger Issues,” Carrier Management, Nov. 3, 2013)
  42. Fertility liability. Courts are struggling to define fertility clinics’ responsibilities to divorced couples and to decide who owns an embryo. (“After A Divorce, What Happens To A Couple’s Frozen Embryos,” NPR, Aug. 22, 2015 by Jennifer Ludden)
  43. Death industry risk. People can choose when, where and how to end their lives. Suicide assistance organizations, suicide tourism, human remains composting and digital memorials are growing. (“Swiss Re SONAR: New emerging risk insights,” page 16)
  44. Worker depression. Rates vary by industry and position, but 6 percent of professional workers and nurses report having or being treated for depression. (“U.S. Managers Have Low Rates of Depression in 2014,” Gallup website, April 15, 2015 by Rebecca Riffkin)
  45. The Decline of the COO. Is it time to add chief operating officers to the list of endangered species? (“The Decline of the COO,” strategy+business, May 4, 2015 by Gary L. Neilson)
  46. Medical and litigation funding. A rising number of firms are covering litigation and medical costs for plaintiffs in product liability lawsuits in exchange for a share of the class action settlement. Rates are sure to rise.
  47. Foodborne illness. Genome sequencing is making it possible to more quickly and accurately track a foodborne illness to its source. Food recalls could increase, and the manufacturers responsible will be held accountable. (“FDA wants food companies to hand over their pathogens,” Reuters/IJ, Aug. 27, 2015 by Julie Steenhuysen)
  48. Franchise liability. Franchises like McDonald’s and contractors including staffing agencies are considered joint employers under a new National Labor Relations Board standard and thus responsible for working conditions. Are new EPLI exposures looming? (“Union Wins Closely Watched Labor Case Over Who’s the Boss,” Bloomberg/IJ, Aug. 27, 2015 by Jim Snyder)
  49. Overlapping occupational risks. Particular characteristics—such as being an immigrant/foreign-born worker, a worker under the age of 25 or an employee of a small business—can increase an individual’s risk for workplace injury or illness. When a worker has two or more of these characteristics, the risk is compounded. (“Overlapping Vulnerabilities,” CDC website, NIOSH Science blog, Aug. 28, 2015 by Deborah Hornback, MS; Thomas Cunningham, PhD; and Rebecca J. Guerin, MA)
  50. Shopping while driving. Carmakers are partnering with retailers and bankers to offer dashboard apps so drivers can shop and bank while behind the wheel. (“Cars Become Target for Identity Theft as Shopping Hits Dashboard,” Bloomberg/IJ, Aug. 27, 2015 by Keith Naughton and Olga Kharif)
  51. Failure to disclose. Improperly disclosing risks to shareholders is an overlooked risk, and insurers are among the companies failing to disclose. (“Inadequate Shareholder Disclosure and Other Killer Risks,” Carrier Management, Jan. 15, 2014)
  52. Payoff for living in a quake zone. A Dutch court said a gas producer must compensate homeowners for falls in the value of their properties due to earthquakes linked to gas production. Will other courts follow? (“Dutch court: gas producer NAM must compensate homeowners in quake zone,” Reuters, Sept. 2, 2015 by Toby Sterling)
  53. Worker deaths on the rise. Oil and gas industry workers are particularly vulnerable. (“U.S. Workplace Fatalities Likely at Highest Level Since 2008,” Wall Street Journal, Sept. 17, 2015 by Alexandra Berzon)
  54. Genome data: There’s an app for that. Networks of genome data could spur breakthroughs for decoding rare diseases, but there are risks associated with an Internet of DNA and an app store designed to make consumer genomics part of the Internet mainstream. (“Internet of DNA,” MIT Technology Review, 10 Breakthrough Technologies 2015 series; “Inside Illumina’s Plans to Lure Consumers with an App Store for Genomes,” Aug. 19, 2015 by Antonio Regalado)
  55. Asbestos exposure linked to digestive tract cancers. Scientific research is finding asbestos disease beyond lung cancer and mesotheliomas. (“New Paper: ‘Digestive and occupational cancers asbestos exposure: impact study in a cohort of asbestos plant workers,’” Global Tort website, Aug. 31, 2015 by Kirk Hartley; “Genetic Markers May Fuel Next Wave of P/C Insurer Asbestos Reserve Hikes,” Carrier Management, July 29, 2015)
  56. Smart drugs. A drug that improves decision-making, problem-solving and creativity has no “short-term” negative effects like Ritalin. Are there more to come? What about the long term? (“Narcolepsy medication modafinil is world’s first safe ‘smart drug,’” The Guardian, Aug. 20, 2015 by Helen Thomson)
  57. Social media pressure for recalls. A video on Facebook had moms up in arms about specks of glass in Huggies wipes. Will companies speed recalls to silence the critics? (“Moms seek recall of Huggies wipes after particles found,” USA Today, Aug. 25, 2015)
  58. Selfie deaths. More people died this year trying to take a selfie than from shark attacks, according to some reports. The latest occurred at the Taj Mahal. (“Tourist reportedly dies at Taj Mahal while taking a selfie,” CNET.com, Sept. 18, 2015, by Chris Matyszczyk; “What Are the Odds? Long, Most Likely,” Wall Street Journal, Aug. 14, 2015 by Jo Craven McGinty)
  59. Crowdsourcing liability. Vast networks of people solving global problems or performing micro-tasks for little or no financial reward could fuel labor lawsuits and increase infringement risks. (“Instagram, Crowdsourcing and the New Risks of Emerging Technology,” Carrier Management, April 7, 2014)
  60. Deadly superbugs. Endoscopes are spreading bacteria. Are other medical devices safe? (“FDA Issues Warning to Scope Makers Over Spread of Deadly Superbugs,” Bloomberg/IJ, Aug. 17, 2015 by John Tozzi) 
  61. Gaming the workers comp system. Is that carpal tunnel case or torn tendon really a work-related claim? It could be too much tweeting or smartphone game-playing. (“Man Tears Tendon After Playing ‘Candy Crush’ for Weeks,” livescience.com website, April 13, 2015 by Rachael Rettner) 
  62. Short-termism. The perceived excessive focus of businesses on short-term results rather than long-term value creation. It’s an issue for directors and officers liability. (“The Short-Termism Debate: Are There D&O Liability Risks Involved Too?” D&O Diary, Aug. 8, 2015, published by Kevin M. LaCroix)
  63. Self-driving golf cart. Will executives take out their frustrations on other players rather than by driving the cart into the water hazard? (http://aurobots.com/)

Microsoft & IRS Scam Phone Calls

A few weeks ago a friend received a call on her cell phone. A gentleman said he was calling from “Microsoft” to fix her computer. She told him he needed to talk with “her techie husband” and handed the phone to her husband. He promptly hung up. She wanted to string him along. He did not want to waste his time.

The number and sophistication of scams seem to be increasing. A popular one is a phone call from the IRS demanding payment for overdue taxes.

Two weeks ago the Internal Revenue Service issued another warning to taxpayers to remain on high alert and protect themselves against the ever-evolving array of deceitful tactics scammers use to trick people.

These schemes – which can occur over the phone, in emails or through letters with authentic-looking letterhead – try to trick taxpayers into providing personal financial information or scare people into making a false tax payment that ends up with the criminal.

The Treasury Inspector General for Tax Administration (TIGTA) has received reports of roughly 600,000 contacts since October 2013. TIGTA is also aware of more than 4,000 victims who have collectively reported over $20 million in financial losses as a result of tax scams.

Scammers posing as IRS agents first targeted those they viewed as most vulnerable, such as older Americans, newly arrived immigrants, and those whose first language is not English. These criminals have expanded their net and are now targeting virtually anyone.

In a new variation, scammers alter what appears on your telephone caller ID to make it seem like they are with the IRS or another agency such as the Department of Motor Vehicles. They use fake names, titles, and badge numbers. They use online resources to get your name, address, and other details about your life to make the call sound official. They even go so far as copying official IRS letterhead for use in email or regular mail.

Brazen scammers will even provide their victims with directions to the nearest bank or business where the victim can obtain a means of payment such as a debit card. And in another new variation of these scams, con artists may then provide an actual IRS address where the victim can mail a receipt for the payment – all in an attempt to make the scheme look official.

These scam artists often angrily threaten police arrest, deportation, license revocation or other similarly unpleasant things. They may also leave “urgent” callback requests, sometimes through “robo-calls,” via phone or email. The emails will often contain a fake IRS document with a telephone number or email address for your reply.

It is important to remember the official IRS website is IRS.gov. Taxpayers are urged not to be confused or misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov. Taxpayers should never provide personal information, financial or otherwise, to suspicious websites or strangers calling out of the blue.

Below are five things scammers often do that the real IRS would never do:

The IRS will never:

1. Angrily demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you a bill.
2. Threaten to bring in local police or other law enforcement groups to have you arrested for not paying.
3. Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
4. Require you to use a specific payment method for your taxes, such as a prepaid debit card.
5. Ask for credit or debit card numbers over the phone.

Here’s what you should do if you think you’re the target of an IRS impersonation scam:

– If you do owe taxes, call the IRS at 1-800-829-1040. IRS workers can help you with a payment issue.
– If you know you don’t owe taxes or do not immediately believe that you do, you can report the incident to the Treasury Inspector General for Tax Administration (TIGTA) at 1-800-366-4484.
– If you’ve been targeted by any scam, be sure to contact the Federal Trade Commission and use their FTC Complaint Assistant. Please add “IRS Telephone Scam” to the comments of your complaint.

For more information on reporting tax scams, go to IRS.gov and type “scam” in the search box.

New Malware Strains Grow 125 Percent: What Does That Mean For Employers?

The latest research from a German cybersecurity firm reveals an increase in new malware strains in 2014. The data reflects a 125 percent increase in malware variants, with almost 70 percent of the total number of samples identified occurring in the second half of the year. According to these figures, a new strain of malware is created every 3.75 seconds.
This sizable jump in late 2014 is the largest increase seen yet. The biggest increase came from adware variants, which made up 31.4 percent of all malware signatures identified, five times greater than in the first half of the year.
Cybercriminals are not necessarily creating entirely new malware programs, but are continually changing and updating existing malware in order to increase their effectiveness and avoid detection.
Organizations spend vast amounts of money on system security technology, but in truth, these efforts are undermined if employees are not properly trained on secure policies and practices.
Employee training can never fully eliminate poor user choices, but passing on relevant information on a recurring basis will help. Employers can reduce the threat of attack by conducting regular training updates that teach employees to identify malware and identity theft schemes.
Make your network security training more personal by linking home computer security with workplace security. Illustrating the risk to an employee’s personal information may make more of an impact, and employees who develop good computer habits at home are likely to carry them over into the workplace.
Educate employees on the value of firewalls, anti-virus software, and other security technologies.

Everyone is a Potential Target for CyberAttacks

Critical Steps to Protecting Sensitive Data
by David Hallstrom

Not a week goes by without news of another high-profile cyber attack — Target, Sony, JPMorgan Chase, just to name a few. Not even the federal government is immune. Just this week, the U.S. government announced that hackers had accessed the personal data of more than 4 million current and former federal employees. And earlier this week the Internal Revenue Service announced that individuals used stolen data to gain access to the tax returns of more than 100,000 people through an application on the agency’s own website.

It’s clear that information theft is a constant threat that impacts companies on a daily basis. For every big, public incident, there are scores more that go unreported. Cyber crime is a broader problem that’s not confined to tech companies and large corporations. The risks are very real for all companies.

The truth is, if you possess personally identifiable information on a lone employee or single customer, you have a cyber exposure. That data doesn’t have to exist on a network, either. These days, holding any personal information — even if it exists only on paper — presents a potentially costly privacy risk that falls under the cyber umbrella. Loss can occur as a result of access to networks via stolen credentials or breaches, unsecured or lost mobile devices, or malicious email or Web links.

Regardless of your size or industry, adequate controls are needed to minimize the risks to your sensitive data. Here are five steps you can take to strengthen your cyber risk management strategy:

1. Perform a risk assessment. A critical first step in enhancing your data security is to identify system vulnerabilities and understand how your data is managed and secured. You should have a thorough inventory of the kind of information you have, how much of it you have and where you have it.

2. Educate your team. Everyone is accountable in managing cyber risks, including temporary workers and contractors. Implement a sound internal communication and training strategy on the protection and proper use of sensitive data, including how to recognize and report security threats. Integrate cyber security into employee orientation, with an emphasis on the consequences of sharing passwords, falling for email phishing scams, exposing laptops and USB storage devices to theft, and otherwise neglecting to observe data security policies.

3. Know your vendors. When entrusting personal information to third parties, implement reasonable measures to ensure they have the capacity to protect this information. This means selecting only service providers that are capable of maintaining safeguards for personal information equal to or better than yours, and contractually requiring them to maintain such safeguards. You should also require your vendors to show proof of insurance to provide you with protection if they are the cause of loss.

4. Address portable devices. Accidental loss and theft of laptops, smartphones and tablets are leading causes of compromised data. It is crucial to always encrypt these devices to render the protected information unreadable and unusable in the event of a breach.

5. Make sure you’re properly covered. Insurance is an important weapon in this war. According to the Ponemon Institute, the average security breach costs organizations almost $200 for each record that’s stolen, or about $5.5 million for the typical company breach. A claim that size could cripple a business without adequate insurance coverage. Ideally, it never gets to that point.

The Biggest Risk We Face: The Surprising Source of Cyberattacks

The threat of cyberattacks on U.S. organizations continues to be a major concern among business leaders. The chair of the U.S. Securities and Exchange Commission said in a recent speech that the cyber threat to U.S. businesses is the “biggest risk we face.”
Almost on cue, the U.S. Justice Department’s National Security Division reported the cyber victimization of several U.S. firms to hedge fund leaders.
To gain information about the cause of today’s data security problems, the law firm of BakerHostetler examined the over 200 data security incidents the firm managed in 2014. The firm was able to identify the cause in 139 of them, and found that most security problems (36 percent) were the result of employee negligence. Twenty-two percent were caused by theft from outsiders; 16 percent from inside threats; 14 percent from malware; and 11 percent from phishing attacks.
Experts who worked on the survey believe problems arise when employees bring home sensitive files in their efforts to be more efficient and productive. They will often ignore organizational policies that restrict the types of files that can be taken from the workplace, and then they download information on to unsecured hard drives.
The report also found most organizations are quick to identify a security issue, but lack the procedures to quickly work toward a resolution. Ellen Rosen, “Human Error Biggest Cause of Data Breach: Survey,” bol.bna.com (May 11, 2015).

Human error accounts for most data breaches. The good news is that policies and training can help correct most human errors.

– Policies about uploading employer data onto personal devices are an important first step, but they are not the only step.
– Employers should orientate employees on the policy and explain why it is so important.
– Along with orientation, employers must train employees to avoid data loss from employee negligence.
– Employee cyber negligence includes loss of data via stolen mobile devices, Wi-Fi interceptions, phishing and other poor practices.
– The constantly changing nature of cyberthreats requires employee training to be a continuous effort, rather than a “one and done” endeavor. Keeping employees informed of the latest threats will limit employee mistakes, and prevent most hacks.
– It is also important employees understand the importance of specific policies and procedures and how their actions can introduce serious risk.

FMLA & Workers’ Compensation Working Together

The Family and Medical Leave Act (FMLA) and workers’ compensation serve different purposes, but the job leave provided by the two may overlap in some cases, affecting employment decisions on issues such as light duty.

FMLA provides employees with unpaid, job-protected leave for certain qualifying reasons, such as a serious health condition that makes the employee unable to perform the functions of his or her job. FMLA generally applies to employees of businesses with at least 50 employees, and, under FMLA, employees are entitled to 12 weeks of job-protected leave for qualifying circumstances.

Workers’ compensation offers medical coverage and income replacement following a work-related injury. Workers’ comp laws often vary from state to state. If an injury that qualifies for workers’ compensation also falls under FMLA-protected health conditions, leave for the two can overlap.

If an employer is covered by FMLA, it should take the time to determine if workers’ compensation leave would also qualify under FMLA as leave for a serious health condition. If it does, the employer should begin the FMLA process immediately and run the FMLA and workers’ comp leave concurrently.

If the employer does not begin the FMLA leave immediately, the employee may end up entitled to more leave than he or she otherwise would have been if the two had run concurrently. In addition, if the employee is away from work for more than 12 weeks under workers’ comp, he or she no longer has job-protected leave after the 12 weeks of FMLA leave end. However, the Americans with Disabilities Act (ADA) may apply, so employers should be careful about automatic termination after 12 weeks of leave.

Another issue that is affected by FMLA and workers’ comp overlap is the possibility of the employee returning to light duty. If an employee who has both leaves running concurrently declines light duty under workers’ comp, he or she may lose those benefits, but the employee would continue to have job-protected leave under FMLA.

When an employee suffers a serious health condition that qualifies him or her for both workers’ compensation and FMLA leave, employers should make sure to consider requirements under both to avoid potential problems.