Monitoring Employee Internet Usage: Technology & Ethics
Monitoring employee internet usage on company computers is not only legal but also integral to maintaining a secure and productive workplace. However, implementing such practices raises important questions about ethics, effectiveness, and the balance between oversight and privacy.
Legal and Ethical Considerations
While it’s legally permissible for employers to monitor internet usage, the ethics can be muddy. Privacy rights, the potential for discrimination, and the impact on employee morale must all be considered. Employers should familiarize themselves with laws such as the Electronic Communications Privacy Act (ECPA) and state-specific regulations that might restrict monitoring to work-related activities only. Clear communication about monitoring policies can help align legal compliance with ethical considerations.
Balancing Privacy with Monitoring
Respecting privacy while ensuring compliance and security is a delicate balance. Employers should aim to monitor internet usage in a way that is minimally invasive. Techniques such as anonymizing data collected from monitoring and limiting reviews to instances where there are specific concerns can help maintain this balance. This approach respects employee privacy while still protecting the company’s interests.
Effectiveness of Monitoring Practices
Research indicates that while monitoring can deter inappropriate use of company resources, its effectiveness varies. A transparent monitoring system, coupled with clear guidelines on acceptable internet use, can enhance compliance without appearing overbearing. Employers should consider whether the benefits of monitoring outweigh its potential to create distrust or disengage employees.
Alternative Strategies to Monitoring
Instead of relying solely on monitoring, employers can also adopt educational approaches to encourage responsible internet use. Regular training sessions on cybersecurity risks and digital etiquette can empower employees to use the internet wisely. Promoting a culture of trust and mutual respect, rather than surveillance, can often lead to more responsible behavior.
Technological Advancements in Monitoring
Advances in technology have introduced more sophisticated monitoring tools that can assess risk without infringing on privacy. AI-driven systems can flag unusual activities based on patterns rather than content, focusing on behaviors that pose a security risk while ignoring harmless activity. Such technologies make it possible to enhance security without extensive surveillance.
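The two ideas above (anonymizing collected data, and flagging on patterns rather than content) can be combined in a few lines. This is an added example, not taken from any monitoring product: it assumes proxy metadata of the form (user, day, megabytes uploaded), a constructed key, and a simple per-user median/MAD baseline standing in for an AI-driven system.

```python
import hashlib
import hmac
import statistics
from collections import defaultdict

# Constructed key for the example. In practice it would be held by a separate
# role (for instance HR or legal), not by the analysts who read the flags.
PSEUDONYM_KEY = b"constructed-example-key"

# Constructed sample data: daily upload volume in MB per user.
# No URLs, page titles or message content exist at any stage.
UPLOADS_MB = {
    "alice": [40, 35, 42, 38, 41, 37, 39],
    "bob": [12, 15, 11, 14, 13, 12, 900],
    "carol": [200, 210, 190, 205, 195, 202, 198],
}
SAMPLE_EVENTS = [
    (user, day, mb)
    for user, series in UPLOADS_MB.items()
    for day, mb in enumerate(series, start=1)
]


def pseudonymize(user, key=PSEUDONYM_KEY):
    """Keyed hash: stable per user, not reversible without the key."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:12]


def pseudonymize_events(events, key=PSEUDONYM_KEY):
    """Replace identities before the data reaches the analysis step."""
    return [(pseudonymize(user, key), day, mb) for user, day, mb in events]


def flag_outliers(pseudo_events, threshold=3.5, mad_floor=1.0):
    """Flag days that are far above a user's OWN baseline.

    Uses the modified z-score (median and median absolute deviation), so a
    heavy but consistent user is not flagged and one spike does not distort
    the baseline. mad_floor avoids division by zero for flat series.
    """
    per_user = defaultdict(list)
    for pseudo, day, mb in pseudo_events:
        per_user[pseudo].append((day, mb))

    flags = []
    for pseudo, rows in per_user.items():
        volumes = [mb for _, mb in rows]
        median = statistics.median(volumes)
        mad = statistics.median([abs(v - median) for v in volumes])
        mad = max(mad, mad_floor)
        for day, mb in rows:
            score = 0.6745 * (mb - median) / mad
            if score > threshold:
                flags.append((pseudo, day, mb, round(score, 1)))
    return flags


def resolve(pseudonym, roster, key=PSEUDONYM_KEY):
    """Re-identify one flagged pseudonym; requires the key and a roster."""
    for user in roster:
        if hmac.compare_digest(pseudonymize(user, key), pseudonym):
            return user
    return None


if __name__ == "__main__":
    for flag in flag_outliers(pseudonymize_events(SAMPLE_EVENTS)):
        print("review requested for", flag)
```

Only the flagged pseudonym is ever passed to `resolve`, which keeps identity review limited to instances where there is a specific concern.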
The Impact on Employee Morale
The way monitoring is implemented can significantly affect employee morale. Transparent policies that are applied consistently and fairly can mitigate feelings of distrust. Employers should explain the purpose of monitoring clearly – that it is to safeguard, not to invade personal privacy. Inviting feedback on the policies may also help enhance their acceptance.
Developing a Comprehensive Monitoring Policy
Inform Employees: Be upfront about monitoring practices and their purpose. Understanding that monitoring is meant to protect company assets and ensure a safe work environment can reduce perceptions of privacy invasion.
Create a Written Policy: Clearly outline what is considered acceptable use of the internet at work. Detail the monitoring methods and the rationale behind them, ensuring all employees understand their rights and responsibilities.
Technology Support: Utilize software that respects privacy while protecting company interests. Choose solutions that provide alerts for potential misuse without needing to excessively monitor every action.
Regular Updates and Training: Keep the policy and training up-to-date with the latest legal and technological developments. Regular reviews and updates will help maintain its relevance and effectiveness.
By carefully considering the legal, ethical, and human aspects of internet usage monitoring, companies can develop policies that protect both their operational interests and their employees’ rights. Effective monitoring combined with trust-building measures can create a responsible, productive, and secure workplace.
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it’s as simple as sending a traditional phishing email. The latest phishing attacks can bypass Two Factor Authentication (2FA) protection without being noticed.
Google researchers are seeing more phishing attacks that are 2FA-aware. Attackers know that organizations are embracing two-factor authentication as a means of thwarting phishing attacks seeking to compromise credentials.
Who Uses 2FA?
Decades of successful attacks against single-factor authentication methods, like login names and passwords, are driving a growing widescale movement to more secure, multi-factor authentication (MFA) solutions. Although MFA solutions have been available for decades, due to a variety of reasons, there is now an ongoing, widescale, rapid adoption of MFA/2FA in both corporate environments and by internet websites.
This trend is exemplified by the fact that over the last few years, the most popular websites and services, including those owned by Google, Microsoft, Facebook, and Twitter, have offered 2FA solutions to their customers. Many internet sites and services now offer both traditional login name/password solutions and more secure 2FA options.
How Does 2FA Work?
Two Factor Authentication helps you protect your identity and accounts. More organizations are using it for its security and ease-of-use. You’ve probably already used 2FA. For example, when you go to the ATM to deposit or withdraw money, you swipe your bank card and enter your personal ID number (PIN).
It’s much the same when you go online to your bank account. You sign in with your ID and enter a passcode, but there’s one more step. A one-time code is sent to you via text message on your mobile phone or in an email. Once you enter this code on the bank’s website, you can get into your account.
How Are Hackers Bypassing 2FA?
When a second authentication factor is in use (usually an SMS text message-based verification code), attackers who capture only usernames and passwords have little use for the details collected.
Attackers exploiting authentication often look for weaknesses in implementations along the entire process. They will look to see if there are gaps in the linkages between the identity, authentication, and authorization…and there often are.
According to a recent talk with Gmail security engineering lead, Nicolas Lidzborski, cybercriminals are evolving the art of the credential phish, and are adding in mechanisms to capture and instantly use the combination of username, password, and verification code.
In essence, the bad guys have come to realize that SMS-based verification will be a part of the process and have painstakingly built detailed lookalike login pages that not only accept user credentials but also facilitate making the Google request to provide the second authentication factor.
As the victim provides the details, the malicious webpage simultaneously logs on to gain access to their entire G Suite. Today, it’s Google. Tomorrow, you can expect attackers to attempt this on every 2FA platform that uses some kind of single sign-on.
How Can We Defend Our Business From This 2FA Phishing Scam?
This is a tough attack method to crack. The pages look identical. The process looks identical. So, the only thing that would stand out is the potentially abnormal email request to view something in the user’s Google account.
2FA is good, but don’t over-rely on it for your security assurance. It’s a good tool to increase security, but there’s a huge difference between 2FA improving security assurance and it being unhackable. Understanding the difference is crucial to all entities and security administrators relying on MFA solutions.
Education Is Essential To Defend Your Business Against 2FA Scams
Your users should be educated to be mindful of emails that take them to any kind of login page on the Web. Just because they are prompted to authenticate doesn’t mean they should do so blindly.
Ongoing Security Awareness Training can help your employees stay current with attack trends, methods, and techniques used, empowering them to know when they see something that just isn’t right, and how to avoid falling for even the most realistic scams that capture 2FA.
Key takeaways:
2FA isn’t unhackable.
2FA doesn’t prevent phishing or social engineering from being successful.
2FA is good. Everyone should use it when they can, but it isn’t unbreakable.
If you use or consider going to 2FA, Security Awareness Training has still got to be a big part of your overall security defense.
Updated Perspective: July 2024
Our 2019 article “New Phishing Attacks Make 2FA Useless” raised valid concerns about the limitations of two-factor authentication (2FA), particularly when it involves SMS-based verification codes. Here’s an updated perspective based on more recent information:
Continued Relevance of 2FA
Two-factor authentication, especially when it includes methods beyond SMS, such as app-based or hardware token-based authentication, remains a highly recommended security practice. These methods add an essential layer of security that can significantly impede unauthorized access.
Evolution of Phishing Attacks
Phishing attacks have indeed become more sophisticated, with attackers now capable of bypassing 2FA through real-time phishing or through the use of man-in-the-middle attacks. However, these attacks require a higher level of effort and sophistication from cybercriminals.
Enhanced Security Measures
To counter advanced phishing schemes, security protocols have also evolved:
Biometric Verification: Many platforms now offer biometric verification as part of multi-factor authentication, providing a more secure alternative to SMS-based 2FA.
Universal 2nd Factor (U2F) Keys: These hardware devices provide an additional layer of security that is not vulnerable to phishing, as the authentication happens in-device.
Zero Trust Security Models: More organizations are adopting the Zero Trust model, which assumes no entity within or outside the network is trustworthy, and requires strict identity verification for every person and device trying to access resources on a private network.
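Why hardware keys hold up against the real-time phishing described in the 2019 article while one-time codes do not, shown as an added example that is not part of the original article: a one-time code check (RFC 6238 TOTP here) has no notion of where the code was typed, whereas a U2F/WebAuthn-style assertion carries the browser-reported origin and an RP ID hash that the server verifies. The host names and key are constructed, and an HMAC stands in for the authenticator's public-key signature so the example runs with the standard library only.

```python
import base64
import hashlib
import hmac
import json
import struct

RP_ID = "login.example.com"                      # constructed relying-party ID
RP_ORIGIN = "https://login.example.com"          # constructed legitimate origin
LOOKALIKE_ORIGIN = "https://login.example.net"   # constructed lookalike origin


def totp(secret, unix_time, digits=6, step=30):
    """RFC 6238 TOTP with HMAC-SHA1."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, submitted, unix_time):
    # Nothing in this check records which site the user typed the code into,
    # so a code entered on a lookalike page verifies exactly the same way.
    return hmac.compare_digest(totp(secret, unix_time), submitted)


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def authenticator_sign(credentials, challenge, browser_origin):
    """Browser + security key. The browser, not the page, fills in `origin`,
    and the key only holds credentials scoped to the RP ID it registered with."""
    host = browser_origin.split("://", 1)[1]
    key = credentials.get(host)
    if key is None:
        return None  # no credential for this site: nothing to sign with
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": browser_origin,
    }).encode()
    # authenticatorData = SHA-256(rpId) || flags (user present) || signCount
    auth_data = hashlib.sha256(host.encode()).digest() + b"\x01" + struct.pack(">I", 1)
    signed = auth_data + hashlib.sha256(client_data).digest()
    # Stand-in for the public-key signature a real authenticator produces.
    signature = hmac.new(key, signed, hashlib.sha256).digest()
    return client_data, auth_data, signature


def verify_assertion(credential_key, expected_challenge, assertion):
    """Relying-party checks, in the order a server would apply them."""
    client_data, auth_data, signature = assertion
    fields = json.loads(client_data)
    if fields.get("type") != "webauthn.get":
        return False, "wrong type"
    if fields.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch"
    if fields.get("origin") != RP_ORIGIN:
        return False, "origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    signed = auth_data + hashlib.sha256(client_data).digest()
    expected = hmac.new(credential_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    key, challenge = b"constructed-credential-key", b"constructed-challenge-01"
    good = authenticator_sign({RP_ID: key}, challenge, RP_ORIGIN)
    print("legitimate origin:", verify_assertion(key, challenge, good))
    print("lookalike origin:", authenticator_sign({RP_ID: key}, challenge, LOOKALIKE_ORIGIN))
```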
Importance of Security Awareness
The need for ongoing security awareness training is more pressing than ever. Educating employees about the latest phishing tactics, how to recognize phishing attempts, and secure authentication practices can greatly reduce the risk of successful attacks.
Conclusion
Two-factor authentication is far from useless but is not infallible. It is a critical component of a layered security strategy that includes robust security training, advanced authentication methods, and up-to-date security practices. Users and organizations must stay informed about the latest security advancements and threats to ensure they are protected against emerging vulnerabilities.
Navigating ITAR Compliance: What You Need to Know in 2024
Compliance with International Traffic in Arms Regulations (ITAR) is crucial for companies involved with the U.S. defense sector. Much like adhering to traffic laws ensures safety on the roads, ITAR compliance is essential for the security of sensitive information and technology. The stakes are high, with severe penalties for non-compliance, including substantial fines and imprisonment.
Understanding ITAR Compliance
ITAR compliance involves adhering to regulations that control the export and import of defense-related articles and services listed on the United States Munitions List (USML). These regulations are designed to prevent the disclosure of sensitive information to unauthorized foreign nationals. Compliance is mandatory for manufacturers, exporters, and brokers of defense articles, services, and related technical data.
Recent Developments and Penalties
A recent example from March 2023 highlights the consequences of ITAR non-compliance, where a U.S. manufacturing company faced fines totaling up to $27 million for unauthorized exports. Such penalties underscore the importance of rigorous compliance practices.
Steps to Ensure ITAR Compliance
Registration and Licensing: Companies must register with the U.S. State Department’s Directorate of Defense Trade Controls (DDTC) and obtain the appropriate licenses for the goods they plan to export.
Compliance Policies and Training: Develop and enforce ITAR-compliant policies and procedures within your organization. Ensure that relevant employees are educated about ITAR and trained in maintaining compliance.
Monitoring and Auditing: Regularly review and update compliance procedures to adapt to any changes in ITAR regulations or business practices.
ITAR Compliance Checklist
Registration: Confirm registration with the DDTC is current.
Licenses: Acquire and maintain necessary export licenses.
Employee Training: Conduct ongoing ITAR training for all relevant personnel.
Audits: Perform regular internal and external audits of ITAR compliance.
Who Needs to be ITAR Compliant?
Beyond manufacturers and exporters listed on the USML, ITAR compliance is also crucial for companies that provide defense services or handle technical data related to defense articles. This includes a broad range of categories from firearms to spacecraft and includes services such as training foreign units or modifying defense articles.
Penalties for Non-Compliance
Failing to comply with ITAR can lead to penalties of up to $1 million per violation, criminal charges, and loss of export privileges. The recent increase in penalty amounts and enforcement actions reflect a growing prioritization of U.S. export controls.
Conclusion
ITAR compliance is not merely a regulatory requirement but a critical component of national security. The process may seem daunting, but the consequences of non-compliance are far more severe. Ensuring adherence to ITAR not only protects national interests but also safeguards your business operations and reputation. Stay informed, stay compliant, and consider leveraging expert resources to navigate the complexities of ITAR.
Useful Links for More Information
U.S. State Department’s Directorate of Defense Trade Controls (DDTC):
DDTC Registration Page: Direct link for companies to start the registration process which is mandatory for ITAR compliance.
USML Categories: Link to the electronic Code of Federal Regulations (eCFR) where the USML is outlined, detailing the specific articles and services covered under ITAR.
Getting Started with Defense Trade: Direct link to the DDTC resource that helps businesses understand how to start with defense trade, useful for new entrants needing ITAR guidance.
Government Publications and Updates:
Federal Register: For updates on ITAR and related federal regulations. Useful for tracking changes to ITAR regulations and associated public commentary periods.
Challenges and Opportunities in Data Mining in the Insurance Industry (2024)
This article was originally published in 2016; the 2024 update follows the original text below.
Data mining in the insurance industry is extremely important and crucial to the process of information gathering by companies who indemnify those dependent on accurate coverage, and who wish to improve customer communication and compliance issues. This article will outline how insurance companies can benefit from using modern data mining methodologies to reduce costs, increase profits, improve their CRM and CCM compliance, retain current customers, acquire new customers, and develop new products.
Data Mining Defined
To better understand the nature of data mining, it can be helpful to define the term. It can be described as the process of selecting, exploring, and modeling large amounts of data to uncover previously unknown patterns. In the insurance industry, data mining can help firms gain business advantage. For example, through the application of comprehensive data mining techniques, companies can fully exploit data about customers’ buying patterns and behavior and gain a greater understanding of customer motivations to help reduce fraud, anticipate resource demand, increase acquisition, and mitigate customer attrition.
Recent Legislative Changes Affecting Data Mining
Recent U.S. federal legislation has cleared the way for changes in the way insurance firms can operate and compete in the United States and internationally. Although they have their roots in the Depression era, these legislative changes offer modern-day opportunities and challenges for those insurance firms that employ enabling technologies such as data mining to be more competitive in the growing global economy of the 21st century.
On November 12, 1999, U.S. President Clinton signed into law the Financial Services Modernization Act, which effectively repealed Depression-era financial legislation by enabling insurance companies, banks, and securities firms to affiliate with one another. Prior to that signing, the United States was one of only two major world economies with legislation prohibiting insurance companies, banks, and securities firms from offering each other’s products and services. The U.S. prohibitions were based on Depression-era judgements made about the causes of the Stock Market crash of 1929 and the ensuing economic woes. Those judgements led to the Glass-Steagall Act of 1933 and to the Bank Holding Company Act of 1956. These changes present significant challenges to, but also opportunities for, insurance firms to improve their data mining strategies. The new challenges have been widely seen to have stemmed from:
Further consolidation.
Changes in distribution methods.
Increased competition.
Demutualization.
Redomestication.
Implementing Data Mining Projects
There is a lot of talk regarding the best way to implement data mining projects in the insurance industry. Many authoritative books and shorter works that are written by IT experts cover the topic in detail. One message found in many of these works is that implementing a data mining project must consider real-world, practical challenges. A data-centric approach is especially effective and can be divided into the following functional areas:
Accessing the data.
Warehousing the data.
Analyzing the data.
Reporting the results of the analyses.
Exploiting the results for business advantage.
Reliable Access of the Data
Making sure you’re getting reliable, accurate data is a prerequisite for and foundation of proper data mining. A complete data access strategy should include the following key elements:
Access to all types of data sources.
Access to data sources regardless of their intrinsic platform.
Preservation of the source data through the adoption of security routines.
An easy-to-use, consistent GUI that, while not requiring an extensive knowledge of each data type, does provide the flexibility to meet specific needs.
Integration with the existing technology rather than access routines that require retooling of hardware and/or software or extensive, additional learning by users.
A properly designed and implemented data warehouse can help accomplish these key elements of a data access strategy.
A Sharp Focus on Customer Service
Many leading insurance companies are attempting to shift their focus away from the product-oriented models of the past and towards a more customer-centric policy to better serve their customers. Data mining technology can be utilized to better understand customers’ needs and desires. Analysis of marketing campaigns provides in-depth feedback and serves as the foundation of future campaign development.
Exploiting the Results for Business Advantage
The new information obtained from data mining can be incorporated into an executive information or online analytical processing and reporting system, and then disseminated as needed throughout the organization. The firm’s decision makers can then use the data mining results to answer important business-related questions such as, “How can we increase the ROI of our marketing campaigns?” for strategic planning and action. By exploiting data mining results in this manner, firms can better prepare for long-term growth and improve their opportunities for long-term prosperity.
The Takeaway
The key to gaining a competitive advantage in the insurance industry is found in recognizing that customer databases, if properly managed, analyzed, and exploited, are unique, valuable corporate assets. Insurance firms can unlock the intelligence contained in their customer databases through modern data mining technology. Data mining uses predictive modeling, database segmentation, market basket analysis, and combinations thereof to more quickly answer crucial business questions with greater accuracy. New products can be developed and marketing strategies can be implemented enabling the insurance firm to transform a wealth of information into a wealth of predictability, stability, and profitability.
April 2024 Update
Since the publication of the original article in 2016, the insurance industry has continued to evolve significantly in the realm of data mining. This update highlights recent developments, new challenges, and the progressive opportunities that have surfaced over the last few years.
Advanced Analytics and Machine Learning: The integration of advanced analytics and machine learning has become more prevalent. Insurance companies now utilize these technologies to enhance predictive modeling, risk assessment, and fraud detection capabilities. The sophistication of these models has improved the accuracy in pricing policies and identifying potential claims fraud.
Big Data and Real-Time Data Processing: With the advent of IoT (Internet of Things), insurers are tapping into real-time data streams from devices such as wearables and connected vehicles. This influx of real-time data allows for more dynamic risk assessment and policy pricing, transitioning from historical data analysis to proactive risk management.
Regulatory and Privacy Concerns: As data mining techniques become more invasive, regulatory bodies are tightening data privacy and protection laws. The General Data Protection Regulation (GDPR) in the EU and similar laws in other regions are influencing how insurers collect, store, and process data, emphasizing the importance of transparency and customer consent.
Customer-Centric Approaches: There’s a greater emphasis on customer-centric approaches within the insurance industry. Data mining is now extensively used to personalize customer interactions and tailor products to individual needs. Insurers are leveraging customer data to enhance service delivery and customer satisfaction.
Cybersecurity Challenges: With the increasing reliance on data, cybersecurity has become a critical concern. Insurance companies are investing heavily in securing their data repositories and systems to protect sensitive customer information and company data from cyber threats.
Ethical Use of Data: The ethical implications of data use have come to the forefront. There is a growing discussion around the fairness of data use in decision-making processes, especially concerning algorithmic bias and discrimination in pricing, claims handling, and customer selection.
Technological Partnerships: To stay ahead in technology adoption, insurance firms are increasingly partnering with tech startups and data analytics companies. These partnerships aim to leverage cutting-edge technologies and innovative methodologies to enhance data mining capabilities.
Impact of Artificial Intelligence (AI) on Employment: As AI and automation technologies improve, there are concerns about their impact on jobs within the insurance sector. Companies are navigating these changes by retraining employees and shifting job roles to more strategic and analytical positions that cannot be automated.
This update reflects the ongoing transformation within the insurance industry as it adapts to technological advances and changing market dynamics, continuing to leverage data mining for enhanced business efficiency and customer engagement.
Is AI Getting Too Powerful? (2024)
Originally Published August 2017 | April 2024 Update at the End of the Original Copy.
Artificial Intelligence (AI) is at the forefront of new developments in computer science. But is it safe? According to experts, it could be “the best, or the worst, thing ever to happen to humanity.”
Devastating battles are depicted in the scenes of dystopian, sci-fi movies, where computer-controlled armies defeat human-led forces. Luckily, for our sake, it’s all just a game. At The International, Valve’s largest Dota 2 tournament, an OpenAI bot defeated the top professional Dota 2 players, and with only two weeks of practice.
If you don’t know about Dota 2, it’s one of the most popular multi-player online war games played by professional gamers worldwide. The game’s popularity is due to Dota 2’s complexity, which requires mastering multiple strategies and a deep level of understanding and skill.
AI experts believe that OpenAI’s performance at The International was significant because it displayed the true power of AI today, even more so than when the AlphaGo bot won against a South Korean Go champion earlier this year. Unlike Go, which is categorized as a perfect information game where all players have access to the same information, Dota 2 has lots of hidden information, which forces players to react quickly and adapt their own strategies.
So, what does all this game-playing have to do with you and your business? As evidenced in these games, computers are now smart enough to beat out humans. The IT experts at Intivix believe this is important. Not only is technology becoming an integral and essential part of modern life, but it’s becoming more powerful every day, and this is scaring some very intelligent people.
Should you be worried?
It’s true. AI is rapidly improving, and the technology behind it is being incorporated into every part of our lives. From book recommendations on Amazon, to Siri and other virtual assistants, AI assists us with many daily tasks.
Although AI is in its infancy, the technology can reproduce much of what we thought was only possible in the science-fiction movies of 40 or 50 years ago. In another 40 years, will AI advance far enough to turn one of these fictional nightmare scenarios into reality?
People are already questioning whether building better AI is such a good idea. Elon Musk expressed his concern to the National Governors Association when he told attendees that despite warning people about the dangers of unchecked AI development, authorities do little to protect against its misuse. Musk called AI the “biggest risk we face as a civilization,” and called for preemptive regulations for the industry.
Musk isn’t the only scientist who predicts AI may lead to a disaster. Prominent theoretical physicist Stephen Hawking fears that once the singularity is achieved (the point where machines are more intelligent than humans), we won’t be able to prevent AI from acting independently. Hawking shares Musk’s view that if lawmakers don’t put regulations into place, advanced AI will become “either the best, or the worst, thing ever to happen to humanity.”
Others claim the AI doomsayers are watching too many movies, and claim that the idea of AI overtaking humans is ludicrous. The vice-provost of research at Imperial College London, Professor Nick Jennings, is one of them. He states that while it’s possible to develop AI that excels in a singular task, creating AI that’s capable of human-like intelligence across multiple subjects isn’t within the ability of today’s scientists. And, he doesn’t foresee technology advancing that far for a long time.
What worries more people than the “rise of the machines” nightmare becoming reality, is the continuation and acceleration of a trend that began in the 1980s. Andrew McAfee, an economist from MIT, describes a massive decline in the number of middle-class jobs in the US. He believes that the coming AI revolution will greatly speed up the rate of decline in the number of jobs, not only for middle-class workers, but for all workers.
Others disagree. Many economists believe history is a way to predict how new technology will affect the economy. They point to the effect of technology during the Industrial Revolution: when machines displaced workers from factory jobs, those workers could find new and better jobs created by the introduction of machines, like mechanics. These views are supported by a 2011 study from the International Federation of Robotics, which shows that for every one million robots added to the workforce, there were three million new jobs.
What are people doing to prevent a horror scenario from unfolding?
So, what are we doing to ensure AI is being developed in a moral and safe manner? The quick answer is, not enough. Most of the people who work in the AI field disagree with those who are currently looking for ways to regulate the industry, and at present, there isn’t any AI regulatory legislation being worked on in Congress. However, some are actively trying to address the problem. DeepMind, which Google acquired several years ago, conducted a study on how to develop a ‘big red button’ that has the ability to shut down rogue AI in the future.
Whether you believe AI has the possibility to be dangerous or not, there’s no denying that AI is a powerful technology that will change the world. It’s important to be part of the discussion about how companies develop AI, and how it’s regulated. We all have the responsibility to learn more and stay educated.
Update as of April 2024
Since this article’s publication in 2017, the landscape of artificial intelligence has undergone substantial advancements and has brought new layers of complexity to the discussions around AI’s power and impact.
Technological Advancements: AI capabilities have significantly progressed, with the development of more sophisticated models like OpenAI’s GPT-4, which demonstrates profound improvements in understanding and generating human-like text. Similarly, AI systems in image generation, such as DALL-E, and advancements in robotics and autonomous vehicles, have highlighted both the potential and the challenges of these technologies.
Ethical and Societal Concerns: As AI becomes more capable, the ethical implications grow more pressing. Issues such as algorithmic bias, privacy, and the potential for AI to be used for surveillance have garnered public attention, calling for a more nuanced approach to AI development that considers ethical implications from the outset.
Economic and Job Market Impact: The impact of AI on the job market continues to be a topic of vigorous debate. While AI has automated certain job categories, it has also created new opportunities and roles, emphasizing the need for workforce adaptation and the development of new skills.
Regulation and Policy: In response to the rapid development of AI, several countries and international bodies have begun to formulate more concrete regulatory frameworks. Notably, the European Union is pioneering efforts with its proposed Artificial Intelligence Act, aiming to set comprehensive standards for AI usage that could serve as a model globally.
Technological Safeguards: Research into ensuring that AI systems are controllable and aligned with human values has advanced. Initiatives like the development of AI “off-switches” and other control mechanisms are crucial in addressing the risks of autonomous AI systems.
Public Engagement and AI Literacy: There is a growing recognition of the importance of public engagement in discussions about AI. Efforts are being made to enhance public understanding of AI technologies, encouraging informed discussions about how AI should evolve and be managed in society.
In conclusion, while AI continues to offer remarkable opportunities for advancement, the complexity of its implications requires vigilant management, thoughtful regulation, and active participation from all sectors of society to ensure that its development benefits all of humanity.
Further Reading
Here are several recent articles from 2024 that can provide additional information and insights into the ongoing developments and discussions around artificial intelligence:
“What’s next for AI regulation in 2024?” – This MIT Technology Review article discusses the new regulatory frameworks for AI, particularly in the European Union, which has passed comprehensive AI regulations that require AI systems to meet high standards of transparency and data protection (MIT Technology Review).
“The most important AI trends in 2024” – Published by the IBM Blog, this article outlines the latest trends in AI, including advancements in model optimization and the growing significance of open-source AI models. It highlights how these trends are democratizing AI technology, making powerful tools accessible to smaller players and startups (IBM – United States).
“Artificial Intelligence Regulations 2024 Review” – The National Law Review provides a detailed overview of AI-related legal developments in the U.S., including Congress’s ongoing efforts to create a structured regulatory environment for AI. This piece also covers how AI is increasingly being integrated into various sectors like health care, which has seen significant innovation and regulatory activity (natlawreview).
“EU parliament greenlights landmark artificial intelligence regulations” – Al Jazeera reports on the European Parliament’s approval of landmark AI regulations that set strict standards for AI development and deployment across member states. This legislation is poised to impact global AI practices significantly due to the EU’s influence in setting international standards (Al Jazeera).
“2024 Is The Year of Radical AI Regulation: Here’s What It Means” – Techopedia explores the global implications of stringent AI regulations initiated by the EU, discussing how these could set a precedent affecting worldwide AI development and business practices. This article examines the potential for a global ripple effect known as the ‘Brussels effect’ (Techopedia).
Automation: Enhancing Business and Workflow in the Modern Era
From revolutionizing efficiency to facilitating rapid order processing and project completion, automation’s influence on business operations is profound and ever-evolving. With advancements in machine learning and robotic process automation (RPA), businesses are not only replacing human effort in repetitive tasks but are also enhancing data handling and processing speeds. Incorporating automation into workflows liberates employees, allowing them to focus on more complex and creative aspects of their roles.
Integrating Machine Learning and Advanced Automation
When machine learning is added to the automation mix, systems not only perform programmed tasks but also improve over time by learning from each task completed. These systems can identify problematic orders or interactions, prompting human oversight when necessary. However, while machines excel at logical and defined tasks, they are not suited for projects requiring creative solutions, highlighting the complementary role of human creativity in automated environments.
Case Studies of Successful Automation
Several companies exemplify successful automation integration. For instance, a major online retailer implemented robotic systems in their warehouses that not only sort orders but also predict stocking needs based on real-time data, significantly improving logistics and customer satisfaction.
The Dual Impact of Automation on Employment
Automation redefines job roles rather than merely eliminating them. While it reduces the need for human involvement in routine tasks, it simultaneously increases the demand for skills in critical thinking and creative problem-solving. For example, in healthcare, while robots assist in surgery and manage data, patient care still relies heavily on human empathy and decision-making skills.
Ethical and Social Considerations
As businesses adopt automation, addressing ethical concerns such as data privacy, surveillance, and algorithmic bias is crucial. Companies must develop guidelines to ensure that their automation tools are used responsibly and transparently, safeguarding against potential misuse.
Navigating Regulatory and Compliance Landscapes
With the expansion of automation, adherence to regulatory and compliance standards has become more complex. Industries like finance and healthcare face stringent regulations that govern how automated systems can be used, particularly in handling sensitive information.
Innovative Applications Across Sectors
In sectors like entertainment and service industries, while machines perform tasks ranging from customer data management to critical behind-the-scenes operations in media production, the creative and emotional inputs distinctly remain human domains. In insurance, automation streamlines claim processing, yet the final decision-making often requires human judgment.
Challenges and Limitations of Automation
Despite its benefits, automation introduces challenges such as significant initial investment and reliance on high-quality data. Technical issues can arise if these systems are poorly designed or implemented without thorough planning.
Enhanced Collaboration and Workflow Management
Automation allows for easier collaboration and tracking of progress and changes. Systems that automatically update and track project status enable a seamless flow of operations, ensuring that teams are informed in real time and can adjust their work dynamically.
Flexibility and Customization in Automation
Automation is not a one-size-fits-all solution. Businesses must thoughtfully consider which tasks are most suitable for automation, taking into account the need for accuracy and the potential to free up creative human capital. This careful selection process helps maximize the benefits of automation while maintaining the quality and integrity of business operations.
By embracing these advanced tools and addressing the accompanying challenges and ethical considerations, businesses can leverage automation to not only enhance efficiency and productivity but also to foster an environment where human and machine collaboration leads to greater innovation and success.
Are Your Employees Your Biggest Security Threat?
Most companies recognize that employees are their most critical asset, and without their everyday efforts, business couldn’t survive, let alone thrive. Along with this alliance comes entrusting staff with access to sensitive information, including company credit cards, banking information, proprietary business information, and customer contact information, to name just a few of the most common critical data types.
While the vast majority of employees who come and go are honest, trustworthy, and loyal during their tenure, it only takes one bad egg to violate the trust and expose your business. Of course there are horror stories involving a disgruntled employee who maliciously steals company data to cause harm to their employer or to help out another business venture. But the more common scenario is one where an employee causes accidental harm.
Today’s business climate is fast-paced, and as a result, more pressure is put on employees. Multitasking becomes the norm, and the chance of a person making a mental mistake or cutting a corner to meet a deadline is significant, especially in short-staffed departments or businesses.
A recent study by CompTIA noted that “human error accounts for 52 percent of security breaches” today. Since identity theft and cybercrime are growing daily, it’s critical for your employees to understand that even a small mistake or careless action can potentially threaten an entire organization, such as:
Misplacing cellphones, laptops, credit cards or leaving notebooks out in the open
Improper disposal of business files and documents (example: tossing in the trash without shredding)
Sharing passwords casually with colleagues, vendors, partners
If any piece of confidential data gets in the hands of the wrong person, it can open the door to a breach. The good news is that most of the mistakes listed above can be prevented with proper security measures and awareness. In the event something like this does occur, it can be shut down before any real harm is done when reported and acted upon in a timely manner.
The bad news is that cybercriminals are innovative and constantly come up with new ways to take advantage of human error. They use trickery and disguise to lead people to perform actions or divulge confidential information needed to access restricted data. After all, why would a hacker force entry from the outside when it’s easier to gain access from the inside?
This type of psychological manipulation is often referred to as phishing or social engineering. These methods are much more dangerous because they could potentially bypass even the best security systems in place. Oftentimes businesses don’t know they’ve been hacked until it’s too late.
What can be done?
There are a number of things you can do from a technical perspective to protect against outsider attacks, such as: proactively monitoring your network for suspicious activities, requiring complex passwords and setting up two-factor authentication, implementing content filtering, advanced email encryption, and so on.
But when it comes to insider threats, protection starts with educating your end users. CompTIA indicated that of the “700 business executives surveyed, less than half said their company offers some form of cybersecurity training.”
Just like the cybercriminals out there, we as responsible business people must change our strategies to stay ahead. The conversation must not only be about securing devices, but also about enforcing proper behavior through education. And it’s not just IT and accounting departments that need to be diligent — all employees need to know about the evolving threats, the security practices in place, and the risks they impose on the business by not following protocol.
If you’re an ITS client and would like to set up a security best practices overview for your users, contact your Strategic Advisor today. We’re happy to come onsite and provide a free, lunch-and-learn session for your entire staff. If you’re considering additional protection, check out our advanced security plans which include features such as routine phishing training and testing to identify which users are most vulnerable to an attack.
Unsure if your managed service provider is doing everything they can to keep your business protected? Contact us today to set up a network security assessment and formal evaluation. For more information about the ways IT Solutions can help protect your business from both inside and outside threats, check out our Managed Security options.
HR Compliance Webinar: The Info You Need to Keep Up with the Latest Laws
Join Us for a Crucial Update from a Noted HR Expert
On Thursday August 25, IT Solutions hosted HR expert Matt Roessler, MS HRD, of the MidAtlantic Employers’ Association, and he addressed frequently asked questions from the MEA HR & Legal Hotline.
At IT Solutions, we strive not only to partner with each of our clients to support and guide their technology, but holistically, to help in other areas of their business as well. In this spirit, we’re always searching for valuable educational content to share. Employment laws and regulations continue to change, leaving business owners and HR leaders in a constant state of worry. From the legalization of recreational marijuana to job postings now requiring pay rates, the overturning of Roe v. Wade, and remote work considerations, it’s difficult to keep up!
Details
Event: “The Info You Need to Keep Up with the Latest Laws”
Date: Thursday, August 25, 2022
Speaker & Host
Matt Roessler, MS HRD, HR Expert, MEA
Ben Prorock, Business Development, IT Solutions
The MEA is the region’s foremost provider of comprehensive HR Compliance, Consulting and Outsourcing Services. With 600+ member organizations in the greater Philadelphia region, MEA is uniquely positioned to support the small to mid-size employer market, ensuring their members have better people and better business outcomes.
Video Transcript:
[00:00:14.890] – Ben Prorock
Alright, well, good afternoon everyone. We’ll go ahead and get started. First of all, thank you everyone for attending our HR compliance webinar. Thanks to Matt Roessler from MEA for being willing to share this valuable content with us. Quick introduction around IT Solutions: we are a local, Fort Washington, PA-based managed service provider in the IT space, outsourced IT, and while we provide our clients with IT resources, support, and guidance, we also know that our clients are all experiencing challenges in so many areas of their business, and not least among them is the HR space. So we always want to bring educational content both to our clients and our friends and our network around other spaces as well, including but not limited to technology. So that was the genesis of today’s call to bring Matt and his team. We’ve had a long-standing great relationship with Matt and really appreciate his willingness to share. So we’re going to have about a 20-minute presentation, and then we’ll have time at the end for Q&A. Feel free or please do send in any questions that you have in the chat. Matt and I will see those pop up and we will address any questions that come in at the end during the Q&A time.
[00:01:44.180] – Ben Prorock
So Matt, I’ll throw it over to you and I hope everyone enjoys.
[00:01:48.890] – Matt Roessler, MS HRD
Perfect.
[00:01:49.630] – Matt Roessler, MS HRD
Thanks Ben, and great to have everybody on the call today. As Ben said, I really appreciate the opportunity to go through some of this information with you, and I appreciate Ben and IT Solutions having me here to have the conversation. And as Ben said, right, there’s very limited times when HR goes smooth. There’s always something that’s going on in the world of HR. It’s those times when nothing is going on that I really tend to get scared. That’s when something tends to drop and it’s kind of out of the blue. But we’re going to look at some of the more common and recent questions that we’ve been asked here at MEA on our expert HR and legal hotline. So before we get into that, I just want to set the stage real quick in terms of who MEA is. MEA is the region’s leading provider of HR consulting, outsourcing, and compliance services. So we have been in business for 120 years. We’re a nonprofit membership organization based right up the road from Ben and his team in King of Prussia. Currently we serve over 600 member organizations and they range anywhere from two-person organizations up to global organizations with thousands of employees.
[00:03:03.650] – Matt Roessler, MS HRD
Our members are typically within the Maryland, Delaware, New York, New Jersey, and Pennsylvania region. However, as you would imagine, and I’m sure you’ve experienced with an increasingly remote workforce, our capabilities certainly extend well beyond those borders. So as we get into what we’re hearing, right, again, 24/7 HR hotline, 600 member organizations. So you would imagine that on a daily basis, our team is fielding questions from HR leaders, could be a CHRO, could be an HR coordinator, as well as business leaders, business owners, CFOs, managers, supervisors. So we do get a very wide spectrum of questions. And those questions range everything from wage and hour to leave of absence, termination, reasonable suspicion, and we’ll spend some time talking today about all of those particular areas. So Ben said, as we go through, please do put questions into the chat. Again, these are going to be some more high-level type of questions and answers, but certainly if you have more specific questions, happy to answer them to the best of my ability on the call today.
[00:04:17.270] – Matt Roessler, MS HRD
So starting with wage and hour, right, how you pay your employees, how you pay your team members, everything from FLSA salary exempt, non-exempt, eligible for overtime, to whether or not you can mandate direct deposit. So one of the questions we get all the time, and we understand the reason behind it, right, is can we mandate direct deposit in Pennsylvania or New Jersey? Reason being, oftentimes it’s just convenience, right? Nobody wants to have to walk down the hall or mail out a pay stub or hand over a paper check. So from the employer perspective, we certainly understand the question, and we’ll show you what that answer is on the next slide here. The next question that we hear quite a bit relates to FLSA, Fair Labor Standards Act. So again, exempt, non-exempt, do I have to pay overtime? Can I just pay somebody’s salary? Quite a bit of nuance with this particular question, but one of the first hurdles is that somebody is paid at a salary basis, and there is a threshold for that salary before you even can be considered exempt. So we often get the, hey, somebody’s making 40, 50, $60,000 a year, we pay them a salary. Of course they’re exempt from overtime, right? We’ll take a look at the answer on the next slide. And then again from a lot of our manufacturing clients, but also our professional services organizations with unauthorized overtime. Particularly in a more remote workforce now, we do have the concern, or you should have the concern over your non-exempt employees who you do need to pay overtime to, whether they’re working more than 40 hours, right? And that could be authorized, that could be unauthorized. A lot of times where we see that come in is with cell phones, right? Everybody’s got their phone in their pocket at all times, shooting off emails late at night, answering phone calls when maybe they shouldn’t be, something to be aware of as it relates to overtime and individuals who are not exempt.
[00:06:25.610] – Matt Roessler, MS HRD
So if we turn to the answers, the answer to the first question, can you mandate direct deposit, is no. So unfortunately, you can’t mandate direct deposit. I know a lot of employers out there do. Of course you’re going to put the direct deposit slip in your onboarding packet if it’s still in paper or you’re going to have the direct deposit fields in your electronic onboarding through your payroll system, but you cannot mandate it, right? One of the ways around that if somebody says that they don’t want direct deposit is pay cards. So you can give out those reloadable pay cards, that is an option to kind of get around the inability to mandate direct deposit. Talk to your payroll company about that. They very likely have a provider that they work with. But the answer to that first question again is no, you cannot mandate direct deposit. The second question again, back to the FLSA in this case as well, just because somebody is making $40,000 does not necessarily mean that they can be classified as exempt from overtime, right? Where you don’t have to pay them overtime for working hours over 40 in a work week. That is one of the hurdles, as I said, I think the exact number’s about $35,000 and change, I think it’s $35,560 or something along those lines. That is the first hurdle that you have to pass, right? Somebody has to be paid at a salary basis at least making that amount of money.
[00:07:47.890] – Matt Roessler, MS HRD
The next hurdle relates to the approved exemption classifications and there’s about seven or eight of them: outside sales, for example, IT professional, administrative, but very specific rules and regulations around who qualifies for an exemption beyond just simply the salary basis. One of the other questions we get is often, well, we’ll just call him a director of whatever, right? We’ll call the director of administration or we’ll call them the senior manager of administration when maybe they perform more administrative type of tasks. Title doesn’t matter here, really what the DOL is going to look like or look at, I should say, is the responsibilities. So if you get a DOL audit, they’re going to come in, first thing they’re going to look at is that salary basis. Second thing they’re going to do is they’re going to talk to the employees or they’re going to want to look at the job description and responsibilities, not the title, right? So title here doesn’t matter. Small distinction, but very important one. So you want to look at both of those things. There are great fact sheets. The DOL puts out fact sheets that can walk you through exactly what those approved exemption classifications are. So you can take a look at that and make sure that your positions are meeting those exemptions.
[00:09:03.770] – Matt Roessler, MS HRD
And then the last question was related to unauthorized overtime, right? So again here, very specific regulation. Even if the overtime is unauthorized, you do still have to pay for it. So there’s language that, what is it, if the employee is permitted to suffer work or something along those lines, I think the actual language, you have to pay them for it if there’s a benefit to the organization. So again, even if it’s unauthorized, you do have to pay them for that overtime. How do you mitigate that? Good, clear communication to your employees, good, clear communication and education for your managers and supervisors around how to watch for those things, right? If you have a non-exempt employee who takes lunch at their desk and they’re eating lunch, but they’re also typing out emails, taking phone calls, that’s work time, right? Have them get up, have them walk out of the location, have them, you know, take lunch off site or at a cafeteria where they’re not doing any work. Make sure that cell phones are turned off at 05:00, right? They’re not sending off emails if it’s somebody who is not exempt. All of those types of things can help to mitigate having to pay unauthorized overtime. The last resort is really discipline, right? So if you’ve got somebody that you’ve spoken to a couple of times and said, listen, we need you to stop working at a certain point, or we need you to take lunch up and away from your desk, they continue to do it where you still have to pay them overtime. You can always resort to discipline. Of course, we never like to do that, but it is there if you do need to. All right, so that’s a little bit about wage and hour in terms of the questions that we get.
[00:10:41.810] – Matt Roessler, MS HRD
Second topic of discussion here is going to be leave of absence. So if anyone on the call has ever worked with leave of absence, you know, it can be an absolute nightmare. HR in and of itself has quite a bit of alphabet soup going with acronyms: leave of absence, LOA, STD, LTD, FMLA, Worker’s Comp. It’s quite a nightmare. And a lot of those things, PTO, a lot of those things do tend to layer on top of each other and kind of weave together depending on the situation. So some of the questions we’ll get, can an employee take PTO instead of FMLA for a surgery? Or can an employee request unpaid leave instead of FMLA for an FMLA qualifying event? Can I terminate an employee who doesn’t return from a leave of absence? Not uncommon for an employee to go out on a six, eight week short term disability or a twelve week FMLA leave and then still need a week, two weeks, three weeks after that ends to be able to come back to work. So we’ll talk about what that looks like. And then the last one here, an employee who has a chronic health condition requested some time off, doesn’t yet qualify for FMLA. What should we do? For those of you who aren’t familiar with FMLA (Family Medical Leave Act), 50 or more employees within a 75-mile radius, the employee has to be with you for a year and has to put in, I think it’s 1250 work hours to qualify. So there are some triggers here in terms of somebody being eligible for FMLA, but for the purposes of that first question, we’re going to assume that this person is. The intent of FMLA is to protect the employee’s job, right? So FMLA does not guarantee income. What FMLA does is it guarantees job protected leave for up to twelve weeks.
[00:12:36.650] – Matt Roessler, MS HRD
So the answer to the first question, can an employee dictate whether or not they want to take FMLA? The answer is no. Right? So as an employer, if you meet the criteria for having to offer FMLA if you have enough information, and this is what you’re going to gather from the employee, from their physician using the FMLA paperwork. If you have enough information to designate that leave as FMLA, you want to go ahead and do that, right? Two reasons, again, it protects that employee’s job and it also starts the clock, right? So FMLA gives you twelve weeks of job protected leave within a year, and we can get into specifics about how you define that year, but at a high level, twelve weeks of job protected leave within a year. So it protects the employer in that you don’t have to just give unlimited amounts of leave.
[00:13:29.160] – Matt Roessler, MS HRD
So that’s why you do want to designate FMLA situations as such when they come up here. Again, you can have FMLA layered on top of a worker’s comp leave, you can have FMLA layered on top of a short-term disability leave. Both of those are going to protect the income, whereas FMLA is going to protect the job. So a lot of nuance here, a lot of considerations that go into this one. But again, the short answer is if you have enough information, if the individual qualifies for FMLA, you want to be designating that leave as such. A lot of employees will say, I don’t want to go down that route simply because there is paperwork involved and it’s just another nuance. But you do want to push for that.
[00:14:17.090] – Matt Roessler, MS HRD
The second question, each situation is going to vary depending on the facts. Do we need to or can we terminate somebody who doesn’t return from a leave of absence? Or what do we do for an employee who needs time off, but they don’t qualify for FMLA? All of these are going to depend on a number of different considerations, internal policies that you may have. So hopefully your handbooks have a personal leave of absence or non FMLA leave of absence policy that’s clearly spelled out. If you don’t, you always want to look at past precedent. What have you done for other employees who have been in similar situations? Make sure that you’re remaining consistent. When we talk about ADA, another one of those acronyms, Americans with Disabilities Act, this really comes down to organizations needing to make reasonable accommodations for individuals with disabilities. In the case of these examples, a reasonable accommodation may be a little bit of an extended leave, right? So an extra week, two weeks, maybe three weeks, anything more than that, you probably want to talk to an HR professional or an attorney. But a couple of extra weeks of leave may be a reasonable accommodation so long as it doesn’t impose a hardship on the organization. So all things to keep in the back of your mind, it’s not, unfortunately, as cut and dried as saying, hey, you’ve reached the end of your twelve weeks of FMLA, so you’re terminated. There are other considerations that go into that.
[00:15:50.130] – Matt Roessler, MS HRD
When we talk about termination in general, again, we get this question all the time. We understand why our members are asking it. Can I just simply lay off an underperforming employee rather than firing them? It’s the easy option, right? It’s not the right option. So because there are certainly potential legal implications with a layoff as opposed to a termination, you want to make sure that you’re doing it the right way. Layoff is a very specific definition. It’s a specific label. In a layoff generally, an employee is being let go for either downsizing or rightsizing of the department. There may be increased automation, decreased business. A layoff may be continuous and forever, or you may have a layoff that’s for a certain period of time. Construction, a lot of times, right? If you’re working outside, you may have periodic layoffs over the winter months where you can’t be working on road construction. So again, very specific definition of layoff, where termination again, is going to be for cause, right? It’s going to be for poor performance, it’s going to be for violation of a policy, something along those lines. Calling that termination that has an underlying reason.
[00:17:10.680] – Matt Roessler, MS HRD
A layoff, again, carries substantial legal risk if an employee were to bring a lawsuit. So with anything that you do from an HR perspective, you always want to think, what am I going to say and what facts am I going to be able to present when I’m sitting on a witness stand, right. The only way to defend against a claim of discrimination from an employee who was laid off is going to be that you have good evidence to support why it was a layoff, again, business downturn, rightsizing, as opposed to a termination for cause. You don’t want to be in a position where you’re on the stand and somebody says, well, you called it a layoff, but talk to me about why. And then you have to say, well, it was really because they were an underperformer, because they broke a rule. Call it what it is, even though it’s going to be a little bit more tricky and uncomfortable to have those disciplinary or performance conversations, you really want to call terminations what they are and walk the employee through the appropriate process. One of the other questions we often get with the termination that a member or organization wants to call a layoff is how long do I have to wait before I hire somebody else?
[00:18:17.440] – Matt Roessler, MS HRD
So again, if we’re looking at a layoff as business is down, we’re rightsizing the department, but it’s really because of performance, then you really shouldn’t be hiring somebody to replace that person for at least several months. Right. Two months is better than one, six months is better than two. But certainly if you’re calling it a layoff, you don’t want to be then backfilling that position within two or three weeks because then that runs completely counterintuitive to the definition of a layoff. Reasonable suspicion.
[00:18:54.550] – Matt Roessler, MS HRD
Again, the legal landscape is continuing to change quite a bit, particularly here on the East Coast. Some of the more progressive states, California, Colorado, we’ve seen some of these things put in place for a while now, but they are starting to creep out this way. With an increase in the legalization of recreational marijuana, how do we protect our businesses? A lot of information on the slide here. I’m breaking every rule when it comes to PowerPoint presentations, but I want to make sure that you have the information that you need. So while we are seeing an increase in states and localities legalizing the use of recreational marijuana, it is still illegal at a federal level, right? So that’s important to know. This is really important for those of you who may be a federal contractor, subcontractor, those of you who may have Department of Transportation drivers, you may not have the ability to wipe marijuana off of your post-offer pre-hire drug screens, where other organizations that aren’t engaging in federal contracts or have DOT drivers are more and more pulling that off of their drug panels. A big thing, if you’ve ever heard any of our attorneys speak here at MEA, what they like to use as an example is alcohol use, right? So assuming you’re at age 21, alcohol use is completely legal. That doesn’t mean, however, that you can have a beer and then come to work, or have a couple of beers and then come to work, right? Even though you can drink recreational, you cannot come to work under the influence. Same idea for marijuana, whether it’s recreational or in some cases, medical marijuana.
[00:20:38.630] – Matt Roessler, MS HRD
If somebody provides you with a medical marijuana card, that one’s a little different. Again, back to ADA, Americans with Disabilities Act, there may be some ADA implications there that you want to take into consideration and certainly speak to an attorney if you need to for that particular situation, but from a recreational perspective, you cannot come to work under the influence of marijuana. Now, I say that, but just the other day something came across my email inbox, where I believe it was DC, is considering maybe allowing individuals to come to work under the influence, and what that looks like and what that means, I think we’re still in the infancy, but that’s going to get real interesting real quick if we start to see states and localities put things like that into place.
[00:21:27.870] – Matt Roessler, MS HRD
Job posting and interviews. Again, new things in the world of job postings. We are starting to see some states, some localities requiring postings with salary ranges. So we’ll talk about what those locations are in the next slide. And then, of course, most of us have probably seen pronouns in the workplace, right? So one of the questions we’ve recently received is, can we ask about preferred pronouns in a job application or during the interview process?
[00:22:02.310] – Matt Roessler, MS HRD
So specific to the first question for any of you who may have operations or who are looking to hire in New York City or Colorado if you’re going out that way, but we’re local to our region. New York City did just put in place a pay transparency law that’s going to go into effect November 1st, and that makes it a discriminatory practice to post a job posting that does not include minimum and maximum salary or hourly wages. So this is important if one, you don’t have those defined. So if you’re not an organization that has gone through the process of developing your compensation structure, you may not have those. Also important, if you’re not an organization that has transparency around compensation internally, all of a sudden you’re going to have to post minimum and maximum rates on job postings. What happens when somebody internally sees that, sees that posting and reacts to it? So all things to consider, maybe setting that internal compensation philosophy.
[00:23:11.760] – Matt Roessler, MS HRD
Another consideration, which is kind of an unfortunate side effect of the New York City Pay Transparency Act as well as some of the Colorado laws that have gone into effect. I have members that say we’re just not going to hire there, right? We would have otherwise looked at hiring folks in New York. We would have otherwise looked at hiring folks in Colorado, but not anymore, right? Same thing goes with a lot of employment law. Colorado, again, a very employee friendly state. There’s a lot of laws on the books in Colorado. We certainly have some members that say not hiring there, just kind of moratorium on hiring. So always good as we start to creep out more and more to a remote workforce to look at the states that your employees are potentially going to be moving to, for the state laws that are going to be coming into effect.
[00:24:03.010] – Matt Roessler, MS HRD
The second question, pronouns and asking about them during the interview or application process. Again, developing area of the law, but pronouns, probably don’t want to go there in the pre-hire phase of conversations, right? This is likely going to be in a category of information that you don’t necessarily want to know before making a hiring decision, because potentially, if somebody discloses that they use pronouns that don’t necessarily match their physical appearance and then they’re not hired for a valid reason, they still could come back and think that it was for the use of pronouns. So that’s something that you just want to be very careful about. Similar to other information that may come up in an interview process about transportation or child care or things of that nature, you always want to be making decisions based on the fit for the role, not on any protected classes.
[00:25:03.790] – Matt Roessler, MS HRD
And then just real quick in wrap up, you heard me say through a number of those Q&A considerations, so federal, state, and local laws, we are starting to see more and more states more and more localities put in place laws that they believe the federal government should have in place and hasn’t yet done anything with. So they’re taking the initiative. Always want to be careful that you are acting in compliance with those federal, state and local laws. Company size, again specific to FMLA, even ADA, there are thresholds for some of these things. Again FMLA from a federal level you’re looking at 50 employees within a 75 mile radius. Now for any of you who are in Jersey, you do have New Jersey family leave insurance, you have New Jersey STD. So again, one of those differences between federal and state laws there. Employee tenure again, how long has an employee been with you? What are your past practices in similar situations if you don’t have a specific policy but always want to be giving good thought to any of your actions before you take them to make sure that you mitigate any risk.
[00:26:20.410] – Matt Roessler, MS HRD
And with that I’m more than happy to take questions here as we go. Looks like we have a couple in the chat here but again, anybody on the call is more than welcome to reach out. I’m happy to talk to you individually as well.
[00:26:34.330] – Ben Prorock
Thanks so much, Matt, that was really informational. So yeah, we do have a couple of questions here. Please keep sending in questions via the chat and we will hang on as long as we need to to answer them. But a couple here. So for nonexempt employees who are working from home, where is the line typically drawn as to what counts as work or not work after hours and is there a minimum increment of time?
[00:27:11.050] – Matt Roessler, MS HRD
Yeah, so again, if you go to the DOL website again there’s a ton of fact sheets out there as they call them. There is something called de minimis time, right? So when we talk about phones and things like that, I have Teams on my phone, I have emails for four or five different members on my phone. If you have a nonexempt employee who sees a Teams message come across after hours and just replies back with a thumbs up emoji or something like that, probably de minimis time, right, you don’t need to compensate them for that. However, if they’re typing out a little bit of a response and they’re doing a little bit of research and even that’s five minutes here and there, that all adds up, right?
[00:27:53.230] – Matt Roessler, MS HRD
So there’s a case, I think it’s out of California, not surprising, I believe it was a Starbucks manager and as crazy as it may sound, I think I have this right. The time clock was in one part of the building, the alarm was in another part of the building. So every day the manager clocked out way over there, had to walk to the alarm, set the alarm and then left the building, right? So what they did is they said, well listen, the two minutes it takes me to walk from the time clock to the alarm box, I should be compensated for that. Right. But I had to clock out, so I’m not getting compensated for that. So day after day, right, two minutes starts to add up, and year after year, that’s really what you’re looking at. But the rule of thumb is if you’ve got a nonexempt employee working from home, again, have the rules, have the policies that at 40 hours you shut down, unless it’s authorized for the overtime. Managers, supervisors, if you see that nonexempt employee at 10:00 at night shooting off emails after they put in a full day, you want to be having a conversation with them: listen, we don’t expect you to be doing that. We don’t need you to be doing that. We can’t allow you to do that. So that’s where that manager training really comes into play and kind of having that awareness of watching out for those things.
[00:29:15.550] – Ben Prorock
Really helpful. Thanks, Matt. Some others here and again, please keep sending them in. We’re happy to take as many as come in. So let’s say that you’re an employer. You’re really interested in creating a fair interview process within regulation, within compliance. What is the best, I’m sure there’s a lot of ways, but what are the best ways to stay in compliance within regulation?
[00:29:47.050] – Matt Roessler, MS HRD
Yeah. The simple answer is just manager supervisor training. Right. So anyone that’s involved in the interview process, whether that’s from HR to supervisors to managers, sometimes you’ll have executives involved in the interview process, they can be some of the worst offenders, to be honest with you. You may have employees involved in the interview process, somebody that knows the job well. They may be part of that Q&A panel discussions, those types of things. You want to be training them. That’s the easy answer, because there are so many regulations that are coming up. How do I get the information I need to make a good hiring decision? How do I do that legally? Again, in New Jersey and a few other states now, I think Massachusetts was the first in our region to put it into place, you can’t come out and say, hey, what are you making in your current role, even on job applications. If your job applications in New Jersey have the field of what’s your current salary? You need to be pulling that out. That can’t be a question you ask at this point. There’s very specific ways of getting to that information. You can ask, okay, what would you like to make? But you can’t ask, what are you currently making.
[00:30:59.300] – Matt Roessler, MS HRD
Again, nuanced, little state and local law. What do you do if somebody says to you, hey, in a retail job, for example, right, I’d love to work for you, but I go to church every Sunday, or I go to synagogue or I go to temple or whatever I go to, how does that affect my candidacy. How do you back out of that? If working on the weekends is a requirement of the job, then potentially you’ve got a realistic reason for not hiring that individual. If it’s not, then you want to make sure that the decision is based on good, solid reasons for the role as opposed to anything related to a protected class.
[00:31:44.350] – Ben Prorock
Awesome. Thank you for that feedback. We have one last question here, but again, please keep sending them in. We’re happy to stay on. So how long do you have to document underperformance before you can consider terminating an employee?
[00:32:06.350] – Matt Roessler, MS HRD
So underperformance, so we’re talking a little bit different here between underperformance and maybe a policy violation, right. So policy violation, I know that wasn’t the question, but policy violation, depending on how severe that policy violation is, could be an immediate separation. If it’s a small thing that just needs some retooling, reskilling, retraining, that’s probably something you want to document, and then hopefully the action corrects itself. Underperformance. That’s a tricky one. So it depends, again, on how severe the underperformance is. I don’t think you’re doing harm by if within 30 days, somebody’s not getting the very basics of the job, and I’m talking the absolute basics, within a relatively short period of time, having the conversation of this probably isn’t a good fit. You’re doing the best by yourself as an employer. You’re doing the best by that employee. Things that are maybe a little bit harder to grasp, it depends on how generous you want to be. Do you want to continue to work with an employee? Do you want to put them through training? Do you want to put them through skills and partner them with employees who may be in there for a while? I always fall back to if it’s not a good fit, you’re going to know that pretty quickly, and it’s better to make that decision quicker than let it linger. Again, reason being, it’s the best for everybody. And the longer you potentially let something like that go, the possibility of somebody having an FMLA event or an ADA event or something to that degree increases. If we’re talking from an unemployment compensation perspective, unemployment comp is very hard to win from an employer perspective. I mean, you could leave somebody on the books for three years and tell them every week that they’re not performing well and you still might not win unemployment comp. So there’s a couple of different underlying reasons of why you might want to wait a little longer or just cut ties earlier in the process.
But again, I fall back to when you know it’s not a good fit. You typically both sides know it’s not a good fit and better to have that conversation earlier than later.
[00:34:33.480] – Ben Prorock
Yeah, really helpful. So I think that will conclude our time together. I know I can speak for Matt, if you have any questions around anything we talked about today or around MEA, please feel free to reach out. His information is on the screen there. Of course, feel free to reach out to myself or anyone on the team at IT Solutions, whether you’re a client today or not, around any technology needs. Always happy to have that conversation as well. So thanks, everyone. That will conclude our time. Have a great rest of your Thursday afternoon. Thanks so much.
[00:35:16.830] – Matt Roessler, MS HRD
Thanks, everyone. Thanks, Ben.
There’s No Better Time to Review Tools, Policies and Confirm Your Level of Protection
As the Russian invasion of Ukraine continues to unfold, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging U.S. businesses to double down on cybersecurity protocols. Here at IT Solutions, our experts are on standby to help business leaders do just that.
Immediately after the conflict broke out, suspected Russian-sourced cyberattacks increased more than 800%*. The “CISA Shields Up” initiative encourages firms of all sizes to take concrete steps to reduce their odds of a cyberattack and ensure they’re prepared in the event of a breach. Recommendations include assessing unusual behavior, assembling a crisis-response team, and shoring up vulnerabilities that might exist in their networks.
We understand that these extra steps are inconvenient, but they are mission-critical. U.S. businesses have been warned to watch out for a laundry list of exploits, from advanced persistent threats (APTs) to malware, ransomware, network attacks, zero-day vulnerabilities and much more.
The harsh reality is that nefarious, state-sponsored cyber-activities have always tended to escalate when geo-political tensions are high. The Russia-Ukraine conflict is no exception. If you don’t have the time or resources to ensure your organization is following cybersecurity best practices, or to request a complimentary network and security assessment, please give us a call at 1.866.PICK.ITS.
Statistics show 90% of companies unable to resume operation within 5 days after a disaster are out of business within one year.
“Disasters” come in all shapes and sizes. They can be as small as a failed network switch or computer virus. There are also other risks of data corruption, including embezzlement, espionage or even a leak in the bathroom next door or on the floor above. Or, what about human virus outbreaks? Do you have a plan if the flu hits your staff and keeps a sizable percentage of people away from the office for the better part of a week? These seemingly minor events can have a shocking impact on a business, often bringing operations to a standstill.
If a disaster such as a flood, the flu or a heavy winter storm were to strike your business, knocking out power and access to your office, are you prepared to conduct business as usual? As your trusted technology partner and as part of National Preparedness Month, we want to remind you to be aware of these real-life scenarios, but also inform you of the preventative measures – such as creating a Disaster Recovery and Business Continuity plan – to prepare for even the most severe disasters.
Data Back Up and Recovery Plan
Let’s face it – your data is your business. And one of the most critical pieces of your disaster recovery plan is your data backup and recovery. To begin with, conduct an inventory and analysis of your hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. Analysis of your technology should include the frequency of your backups and desired data restoration times. While hard drives and tapes are still a feasible backup option, the amount of time it takes to rebuild a server and access that data can be costly to your operations.
Newer technology allows data to be transferred offsite to a secure location every night. Your data should be backed up or replicated to a highly secure, SSAE16 Type 2 datacenter that guarantees uptime levels that you cannot.
At IT Solutions, we recommend backing up with the ITS DataVault or a comparable device. Moving servers and related equipment out of your office and into a data center eliminates threats in your building and safely shifts 100 percent of backup processes to an off-site environment where security is second to none. Fully redundant server hosting options are available through offerings like the IT Solutions NearCloud plan. Added benefits of hosting your data offsite include the elimination of expensive server hardware refreshes every few years, lower power and cooling costs, and the overall shift of IT infrastructure costs from capital to operating expense.
Implementing data backup and recovery practices will enable your workforce to access email to communicate with your customers, access critical files and applications from home and conduct business as usual despite loss of power in your office space.
September is National Preparedness Month. The nationwide initiative was launched back in 2004 as a result of the 9/11 terrorist attacks. It has since grown into an initiative that covers everything from natural or man-made disasters, storms and any other threats including cybercrimes and nuclear accidents. The goal is to be prepared ahead of time and keep you, your family and your business safe. The American Red Cross and FEMA provide helpful resources including checklists to assist in your preparation for a disaster.
If you have any questions related to data backup and recovery services or would like to discuss developing a disaster recovery plan of your own, contact your Strategic Advisor today or call 1.866.Pick.ITS.