5 Things Employers Can Do to Improve their Cybersecurity
As the Clinton Campaign and thousands of other organizations have found out the hard way, hacking has become a major problem. Attacks from hackers can be devastating, and employers are shelling out vast sums of money on cybersecurity. While these expenses might be worthwhile, here are 5 inexpensive things that employers can do to protect the security of their information:
Train Employees to Recognize and Not Fall Victim to Phishing Scams
Phishing is the attempt by hackers to obtain sensitive information like usernames, passwords, credit card info, etc. by sending an email that looks to be legitimate. The email directs the user to enter his or her information into a website, which the hacker can access and then exploit. Employees should exercise extreme caution when opening emails that come from someone whom they do not know, and should never respond to an email that looks odd and has unusual spellings and characters, or that does not pass an anti-virus program. Employees should only enter sensitive information into websites they know to be secure.
No Weak Passwords
Employees should have training on password security so that they understand the difference between strong and weak passwords. Strong passwords should not be easy to guess, and should contain multiple types of characters. Passwords should not be shared with the entire company—only the user and perhaps an IT professional should know what the password is. Also, passwords should be changed every few years at least.
No Downloading Unauthorized Software
Only IT professionals should be permitted to download software. Downloading malicious software is one of the primary ways in which a company’s cybersecurity can be breached. Make it known to your employees that they are not permitted to download software unless specifically authorized by an IT professional.
Alert Employees About Cybersecurity Incidents
If there is a breach of your cybersecurity system, let your employees know. Issue instructions about how to respond, and, if necessary, consider alerting the press. A lack of transparency may increase the damage caused by a cybersecurity incident, so employers should be forthcoming when such an incident occurs.
Create a Cybersecurity Policy, and Have Regular Training on It
Studies have found that only 36% of companies have cybersecurity policies. When considering the enormous damage that can be done by a cybersecurity breach, I believe that every employer should have such a policy in place. This policy should not only discuss ways to ensure cybersecurity, but should also discuss what should be done in the event of an emergency, like when, for example, an employee downloads malware. Such a policy should also reward employees who abide by it and hold those accountable who do not.
However, a cybersecurity policy is pretty useless if your employees do not know about it. Have regular cybersecurity training to discuss your policy and address any cybersecurity concerns your employees may have.
Paid Parental Leave Should Recognize Dads as Equals
With Father’s Day just past, we are mindful of greater awareness by employers that workers have a life outside of the workplace and that employee satisfaction with their jobs doesn’t stop when the workday ends. Of course the benefit of this awareness is that happy employees are often more productive employees who want to stay with the organization.
One of those benefits is more leave time, maybe paid leave, upon the birth of a child. Many employees, both male and female, are entitled to FMLA when their families grow (by birth, adoption or foster care) and some employers are looking to make that transition financially easier by offering paid parental leave in addition to or in lieu of FMLA which normally requires employees to use their banked benefit time or go without pay. No longer is it considered shirking their job obligations when dads want to spend time with their children.
The problem that sometimes arises here is that childbirth (or adoption or foster care) is still primarily focused on the mother. After all, it’s the woman who gives birth and, sadly, it’s the woman who is still generally seen as the primary caretaker of children, especially infants and young children. It is laudable when employers want to ease the transition of a new child in the family by giving an employee some paid time off; it is a formula for trouble when that paid leave is different for men versus women.
Let me be clear, this is not to say that employers cannot offer paid time off to female workers for the physical recovery after childbirth unless they offer the same paid time off to fathers. It is the paid time off that employers offer to workers for bonding with a new child and transitioning the family through the addition of a new member that should be the same.
Take for instance the claim against cosmetic giant Estee Lauder that was settled a couple of months ago. The company provided six weeks of paid time off to biological mothers to recover from childbirth as well as six weeks of paid time off to mothers (whether biological or not) to bond with the new child. Biological mothers could stack that time for 12 weeks of paid leave. Fathers received two weeks of paid time off to bond with a new child in the family. Worse yet for the company, it apparently categorized mothers as primary caregivers and fathers as secondary caregivers. The EEOC sued the company claiming that this violated not only Title VII, but also the Equal Pay Act because it afforded more benefits to female workers than male workers in the same jobs. The company reached an undisclosed settlement.
Interestingly, a recent survey by the Society of Human Resource Management (SHRM) found that of employers who responded, most who offered paid parental leave gave more time off for bonding to mothers, not only reaffirming the stereotype that mothers are the primary caretakers of children, but maybe violating the law. Employers should make sure that they separate disability benefits for biological mothers (time off to recover from childbirth) from paid time off for bonding with a new child. That bonding time should be the same for both female and male workers.
TRS Caps Retirement Salary Increases at 3%
The Teacher Retirement System, Illinois’s teacher pension fund, is possibly the most woefully underfunded state pension fund in Illinois. One way that it got that way, along with years of employer underfunding, is the “pension spikes” that were used as retirement incentives. The “buy now, pay later” mentality of legislators, school districts and labor unions afforded teachers and administrators the chance to boost their income significantly in their last few years of employment to increase their pension payments without either the employee or the employer contributing enough to TRS to actually fund that resulting increased pension payment. The problem, of course, is that the State doesn’t have the money to “pay later” for the cost of the inflated pensions.
TRS as well as other public pension funds have set a course to turn this Titanic ship of a pension problem around by penalizing employers for wage increases above a certain percentage for employees in the years of employment for which their salaries are used to determine their pension. Several years ago, TRS capped the increase at 6%, which was met with general shock and outrage. In the State’s budget bill, signed into law last week by Gov. Rauner, the legislature reduced the wage cap before a penalty is assessed, by half. Now any TRS participating employer who increases wages beyond 3% in an employee’s final years of working will pay the hefty penalty of being liable for the accelerated payment of the increased cost of pension payments for the individual.
The penalty would apply if the amount of a TRS member’s salary for any school year used to determine the final average salary exceeds the prior year’s salary by more than 3 percent. TRS employers must be extra aware of this new cap for two reasons. First, many negotiated annual salary increases are hovering near the 3% mark. But the cap doesn’t just apply to straight wage increases. Creditable earnings include extracurricular pay, stipends, and contributions to tax-deferred retirement plans. For Tier I employees, pensions are calculated using the four highest, consecutive annual salary rates within the last 10 years of creditable service. For Tier II members, it is calculated using the average of the eight highest, consecutive annual salary rates within the last 10 years of creditable service. Exceeding the 3% salary cap could be relatively easy.
The new cap applies to any salary increase occurring after the effective date of the budget bill, which was June 5, 2018. Exceptions to the cap exist for any increases previously agreed upon contractually, such as union contract or individual employment agreements. It would not be surprising to see other state pension funds following suit.
Maryland Passes Law Requiring the Disclosure of Sexual Harassment in the Workplace
Maryland’s Disclosing Sexual Harassment in the Workplace Act of 2018, which takes effect on October 1, 2018, impacts employers in two ways. First, the law prevents employers from asking employees to waive their future rights to come forward with sexual harassment complaints and provides that any such waivers are void.
Second, the law requires employers with at least 50 employees to disclose: 1) how many settlements the employer has made after a sexual harassment allegation; 2) how many times an employer has settled allegations of sexual harassment made against the same employee; and 3) the number of settlements of sexual harassment complaints that included non-disclosure provisions. The Maryland Commission on Civil Rights will collect and compile this data and make it available to the public starting in 2020.
Employers who require employees to remain silent about sexual harassment allegations are coming under increasing legal scrutiny. It may be worthwhile reconsidering whether such confidentiality provisions are necessary. Also, employers should be doing periodic sexual harassment training. Ancel Glink offers such training, so feel free to contact us to set this up.